{"count":1116142,"next":"http://public2.vulnerablecode.io/api/packages?page=2","previous":null,"results":[{"url":"http://public2.vulnerablecode.io/api/packages/374082","purl":"pkg:alpm/archlinux/389-ds-base@1.4.4.4-5","type":"alpm","namespace":"archlinux","name":"389-ds-base","version":"1.4.4.4-5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.2-1","latest_non_vulnerable_version":"2.0.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80736","vulnerability_id":"VCID-pexr-smr8-gbhh","summary":"389-ds-base: information disclosure during the binding of a DN","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74018","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74233","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74176","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74024","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74021","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74055","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74148","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74141","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74168","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74191","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565","reference_id":"1905565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565"},{"reference_url":"https://security.archlinux.org/AVG-1482","reference_id":"AVG-1482","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0599","reference_id":"RHSA-2021:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1086","reference_id":"RHSA-2021:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1243","reference_id":"RHSA-2021:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1258","reference_id":"RHSA-2021:1258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2323","reference_id":"RHSA-2021:2323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2323"},{"reference_url":"https://usn.ubuntu.com/USN-5231-1/","reference_id":"USN-USN-5231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374083","purl":"pkg:alpm/archlinux/389-ds-base@2.0.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1"}],"aliases":["CVE-2020-35518"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@1.4.4.4-5"},{"url":"http://public2.vulnerablecode.io/api/packages/374083","purl":"pkg:alpm/archlinux/389-ds-base@2.0.2-1","type":"alpm","namespace":"archlinux","name":"389-ds-base","version":"2.0.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.7-1","latest_non_vulnerable_version":"2.0.7-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80736","vulnerability_id":"VCID-pexr-smr8-gbhh","summary":"389-ds-base: information disclosure during the binding of a DN","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74018","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74233","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74176","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74024","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74021","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74055","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74148","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74141","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74168","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74191","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565","reference_id":"1905565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565"},{"reference_url":"https://security.archlinux.org/AVG-1482","reference_id":"AVG-1482","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0599","reference_id":"RHSA-2021:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1086","reference_id":"RHSA-2021:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1243","reference_id":"RHSA-2021:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1258","reference_id":"RHSA-2021:1258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2323","reference_id":"RHSA-2021:2323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2323"},{"reference_url":"https://usn.ubuntu.com/USN-5231-1/","reference_id":"USN-USN-5231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374083","purl":"pkg:alpm/archlinux/389-ds-base@2.0.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1"}],"aliases":["CVE-2020-35518"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373589","purl":"pkg:alpm/archlinux/389-ds-base@2.0.3-2","type":"alpm","namespace":"archlinux","name":"389-ds-base","version":"2.0.3-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.7-1","latest_non_vulnerable_version":"2.0.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80468","vulnerability_id":"VCID-4tn2-her5-6fe1","summary":"389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56838","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5693","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56984","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56991","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56951","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5762","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5829","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5824","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5818","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58192","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.58874","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907","reference_id":"1952907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727","reference_id":"988727","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2595","reference_id":"RHSA-2021:2595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2796","reference_id":"RHSA-2021:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0952","reference_id":"RHSA-2022:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0952"},{"reference_url":"https://usn.ubuntu.com/USN-5231-1/","reference_id":"USN-USN-5231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373590","purl":"pkg:alpm/archlinux/389-ds-base@2.0.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1"}],"aliases":["CVE-2021-3514"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80201","vulnerability_id":"VCID-knxk-357y-efhh","summary":"389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30022","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29999","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30099","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30056","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29771","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30427","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3045","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30517","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30566","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30426","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33528","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782","reference_id":"1982782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405","reference_id":"991405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3079","reference_id":"RHSA-2021:3079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3807","reference_id":"RHSA-2021:3807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3906","reference_id":"RHSA-2021:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373590","purl":"pkg:alpm/archlinux/389-ds-base@2.0.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1"}],"aliases":["CVE-2021-3652"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.3-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373590","purl":"pkg:alpm/archlinux/389-ds-base@2.0.7-1","type":"alpm","namespace":"archlinux","name":"389-ds-base","version":"2.0.7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80468","vulnerability_id":"VCID-4tn2-her5-6fe1","summary":"389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56838","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5693","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56984","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56991","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56951","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5762","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5829","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5824","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5818","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58192","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.58874","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907","reference_id":"1952907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727","reference_id":"988727","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2595","reference_id":"RHSA-2021:2595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2796","reference_id":"RHSA-2021:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0952","reference_id":"RHSA-2022:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0952"},{"reference_url":"https://usn.ubuntu.com/USN-5231-1/","reference_id":"USN-USN-5231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373590","purl":"pkg:alpm/archlinux/389-ds-base@2.0.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1"}],"aliases":["CVE-2021-3514"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80201","vulnerability_id":"VCID-knxk-357y-efhh","summary":"389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30022","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29999","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30099","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30056","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29771","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30427","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3045","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30517","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30566","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30426","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33528","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782","reference_id":"1982782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405","reference_id":"991405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3079","reference_id":"RHSA-2021:3079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3807","reference_id":"RHSA-2021:3807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3906","reference_id":"RHSA-2021:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373590","purl":"pkg:alpm/archlinux/389-ds-base@2.0.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1"}],"aliases":["CVE-2021-3652"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372389","purl":"pkg:alpm/archlinux/a2ps@4.14-8","type":"alpm","namespace":"archlinux","name":"a2ps","version":"4.14-8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.14-9","latest_non_vulnerable_version":"4.14-9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85450","vulnerability_id":"VCID-436p-4bjx-7khu","summary":"a2ps: output_file() format string flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8107","reference_id":"","reference_type":"","scores":[{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82879","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82828","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82826","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82618","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82649","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82645","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8269","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82725","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82728","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82751","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82786","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82807","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8107"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107"},{"reference_url":"http://seclists.org/oss-sec/2015/q4/284","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2015/q4/284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/77595","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283156","reference_id":"1283156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283156"},{"reference_url":"https://security.archlinux.org/ASA-202005-4","reference_id":"ASA-202005-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-4"},{"reference_url":"https://security.archlinux.org/AVG-1150","reference_id":"AVG-1150","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1150"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8107","reference_id":"CVE-2015-8107","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8107"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372390","purl":"pkg:alpm/archlinux/a2ps@4.14-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9"}],"aliases":["CVE-2015-8107"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31989","vulnerability_id":"VCID-jyey-2ny4-akeh","summary":"A vulnerability in a2ps' fixps script might allow remote attackers\n    to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0466","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56853","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56761","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56878","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56905","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56909","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56917","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56903","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.569","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56816","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56771","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56829","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082410","reference_id":"1082410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082410"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902","reference_id":"742902","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"},{"reference_url":"https://security.archlinux.org/ASA-202005-4","reference_id":"ASA-202005-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-4"},{"reference_url":"https://security.archlinux.org/AVG-1150","reference_id":"AVG-1150","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1150"},{"reference_url":"https://security.gentoo.org/glsa/201701-67","reference_id":"GLSA-201701-67","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372390","purl":"pkg:alpm/archlinux/a2ps@4.14-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9"}],"aliases":["CVE-2014-0466"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-8"},{"url":"http://public2.vulnerablecode.io/api/packages/372390","purl":"pkg:alpm/archlinux/a2ps@4.14-9","type":"alpm","namespace":"archlinux","name":"a2ps","version":"4.14-9","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85450","vulnerability_id":"VCID-436p-4bjx-7khu","summary":"a2ps: output_file() format string flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8107","reference_id":"","reference_type":"","scores":[{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82879","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82828","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82826","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82618","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82649","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82645","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8269","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82725","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82728","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82751","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82786","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82807","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8107"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107"},{"reference_url":"http://seclists.org/oss-sec/2015/q4/284","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2015/q4/284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/77595","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283156","reference_id":"1283156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283156"},{"reference_url":"https://security.archlinux.org/ASA-202005-4","reference_id":"ASA-202005-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-4"},{"reference_url":"https://security.archlinux.org/AVG-1150","reference_id":"AVG-1150","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1150"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8107","reference_id":"CVE-2015-8107","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8107"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372390","purl":"pkg:alpm/archlinux/a2ps@4.14-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9"}],"aliases":["CVE-2015-8107"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31989","vulnerability_id":"VCID-jyey-2ny4-akeh","summary":"A vulnerability in a2ps' fixps script might allow remote attackers\n    to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0466","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56853","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56761","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56878","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56905","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56909","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56917","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56903","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.569","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56816","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56771","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56829","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082410","reference_id":"1082410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082410"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902","reference_id":"742902","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"},{"reference_url":"https://security.archlinux.org/ASA-202005-4","reference_id":"ASA-202005-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-4"},{"reference_url":"https://security.archlinux.org/AVG-1150","reference_id":"AVG-1150","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1150"},{"reference_url":"https://security.gentoo.org/glsa/201701-67","reference_id":"GLSA-201701-67","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372390","purl":"pkg:alpm/archlinux/a2ps@4.14-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9"}],"aliases":["CVE-2014-0466"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9"},{"url":"http://public2.vulnerablecode.io/api/packages/373088","purl":"pkg:alpm/archlinux/ansible@2.2.0.0-1","type":"alpm","namespace":"archlinux","name":"ansible","version":"2.2.0.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.1.0rc5-3","latest_non_vulnerable_version":"2.10.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5724","vulnerability_id":"VCID-yc8n-wxb4-1uaz","summary":"Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0448","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0515","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86775","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86762","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86723","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86714","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86817","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86787","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88554","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88561","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.8855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88499","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88506","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:C/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m956-frf4-m2wr","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m956-frf4-m2wr"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201701-77","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-77"},{"reference_url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352"},{"reference_url":"https://www.exploit-db.com/exploits/41013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41013"},{"reference_url":"https://www.exploit-db.com/exploits/41013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41013/"},{"reference_url":"http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378","reference_id":"1404378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846","reference_id":"850846","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846"},{"reference_url":"https://security.archlinux.org/AVG-137","reference_id":"AVG-137","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-137"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587","reference_id":"CVE-2016-9587","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt"},{"reference_url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0195","reference_id":"RHSA-2017:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0260","reference_id":"RHSA-2017:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0260"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373089","purl":"pkg:alpm/archlinux/ansible@2.2.1.0rc5-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3"}],"aliases":["CVE-2016-9587","GHSA-m956-frf4-m2wr","PYSEC-2018-39"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.0.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373089","purl":"pkg:alpm/archlinux/ansible@2.2.1.0rc5-3","type":"alpm","namespace":"archlinux","name":"ansible","version":"2.2.1.0rc5-3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.10.7-1","latest_non_vulnerable_version":"2.10.7-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5724","vulnerability_id":"VCID-yc8n-wxb4-1uaz","summary":"Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0448","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0515","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86775","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86762","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86723","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86714","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86817","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86787","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88554","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88561","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.8855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88499","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04078","scoring_system":"epss","scoring_elements":"0.88506","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:C/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m956-frf4-m2wr","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m956-frf4-m2wr"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201701-77","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-77"},{"reference_url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352"},{"reference_url":"https://www.exploit-db.com/exploits/41013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41013"},{"reference_url":"https://www.exploit-db.com/exploits/41013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41013/"},{"reference_url":"http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378","reference_id":"1404378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846","reference_id":"850846","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846"},{"reference_url":"https://security.archlinux.org/AVG-137","reference_id":"AVG-137","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-137"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587","reference_id":"CVE-2016-9587","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt"},{"reference_url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0195","reference_id":"RHSA-2017:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0260","reference_id":"RHSA-2017:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0260"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373089","purl":"pkg:alpm/archlinux/ansible@2.2.1.0rc5-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3"}],"aliases":["CVE-2016-9587","GHSA-m956-frf4-m2wr","PYSEC-2018-39"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374065","purl":"pkg:alpm/archlinux/ansible@2.10.5-1","type":"alpm","namespace":"archlinux","name":"ansible","version":"2.10.5-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.10.7-1","latest_non_vulnerable_version":"2.10.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13372","vulnerability_id":"VCID-atun-stks-4kcb","summary":"Insertion of Sensitive Information into Log File\nA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20180","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11279","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11226","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11182","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11285","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11345","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11171","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11275","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11149","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11312","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1915808","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1915808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst"},{"reference_url":"https://github.com/ansible/ansible/pull/73242","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73242"},{"reference_url":"https://github.com/ansible/ansible/pull/73243","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73243"},{"reference_url":"https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control"},{"reference_url":"https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20180","reference_id":"CVE-2021-20180","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20180"},{"reference_url":"https://github.com/advisories/GHSA-fh5v-5f35-2rv2","reference_id":"GHSA-fh5v-5f35-2rv2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh5v-5f35-2rv2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20180","GHSA-fh5v-5f35-2rv2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6457","vulnerability_id":"VCID-fj2p-7wkh-1fhq","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08068","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08018","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07994","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08008","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07802","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07933","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13388","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13435","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13367","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13571","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1351","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C"},{"reference_url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/pull/1635"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6459","vulnerability_id":"VCID-xw8r-fn6y-mbhp","summary":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-20191"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06806","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06803","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0661","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06568","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06825","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06863","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11108","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11131","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1108","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11089","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0"},{"reference_url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc"},{"reference_url":"https://github.com/ansible/ansible/pull/73488","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73488"},{"reference_url":"https://github.com/ansible/ansible/pull/73489","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73489"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20191","GHSA-8f4m-hccc-8qph","PYSEC-2021-124"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.5-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","type":"alpm","namespace":"archlinux","name":"ansible","version":"2.10.7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13372","vulnerability_id":"VCID-atun-stks-4kcb","summary":"Insertion of Sensitive Information into Log File\nA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20180","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11279","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11226","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11182","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11285","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11345","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11171","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11275","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11149","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11312","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1915808","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1915808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst"},{"reference_url":"https://github.com/ansible/ansible/pull/73242","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73242"},{"reference_url":"https://github.com/ansible/ansible/pull/73243","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73243"},{"reference_url":"https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control"},{"reference_url":"https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20180","reference_id":"CVE-2021-20180","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20180"},{"reference_url":"https://github.com/advisories/GHSA-fh5v-5f35-2rv2","reference_id":"GHSA-fh5v-5f35-2rv2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh5v-5f35-2rv2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20180","GHSA-fh5v-5f35-2rv2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6457","vulnerability_id":"VCID-fj2p-7wkh-1fhq","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08068","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08018","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07994","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08008","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07802","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07933","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13388","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13435","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13367","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13571","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1351","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C"},{"reference_url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/pull/1635"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6459","vulnerability_id":"VCID-xw8r-fn6y-mbhp","summary":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-20191"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06806","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06803","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0661","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06568","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06825","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06863","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11108","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11131","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1108","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11089","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0"},{"reference_url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc"},{"reference_url":"https://github.com/ansible/ansible/pull/73488","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73488"},{"reference_url":"https://github.com/ansible/ansible/pull/73489","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73489"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374066","purl":"pkg:alpm/archlinux/ansible@2.10.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"}],"aliases":["CVE-2021-20191","GHSA-8f4m-hccc-8qph","PYSEC-2021-124"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373953","purl":"pkg:alpm/archlinux/ansible@3.1.0-1","type":"alpm","namespace":"archlinux","name":"ansible","version":"3.1.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6304","vulnerability_id":"VCID-rsry-fw45-9yev","summary":"A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3447","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21842","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21807","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21706","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2173","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22059","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21824","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21872","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21693","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21582","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2165","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21732","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939349","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721","reference_id":"1014721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721"},{"reference_url":"https://security.archlinux.org/AVG-1702","reference_id":"AVG-1702","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1702"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3447","reference_id":"CVE-2021-3447","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1342","reference_id":"RHSA-2021:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1343","reference_id":"RHSA-2021:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2736","reference_id":"RHSA-2021:2736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2866","reference_id":"RHSA-2021:2866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2866"}],"fixed_packages":[],"aliases":["CVE-2021-3447","PYSEC-2021-107"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsry-fw45-9yev"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@3.1.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373700","purl":"pkg:alpm/archlinux/ansible@4.0.0-1","type":"alpm","namespace":"archlinux","name":"ansible","version":"4.0.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6475","vulnerability_id":"VCID-4yvf-k192-9fca","summary":"A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533","reference_id":"CVE-2021-3533","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533"}],"fixed_packages":[],"aliases":["CVE-2021-3533","PYSEC-2021-126"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-k192-9fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6474","vulnerability_id":"VCID-vhv1-9ypf-1bd7","summary":"A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956464","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956464"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"}],"fixed_packages":[],"aliases":["CVE-2021-3532","PYSEC-2021-125"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhv1-9ypf-1bd7"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@4.0.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373574","purl":"pkg:alpm/archlinux/ansible-core@2.11.2-1","type":"alpm","namespace":"archlinux","name":"ansible-core","version":"2.11.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.11.3-1","latest_non_vulnerable_version":"2.11.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6601","vulnerability_id":"VCID-axc3-wcsk-q3eg","summary":"A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51071","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50964","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51006","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50925","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51077","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51033","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54927","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5492","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54875","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e"},{"reference_url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847"},{"reference_url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1"},{"reference_url":"https://github.com/ansible/ansible/pull/74960","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/74960"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2663","reference_id":"RHSA-2021:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2664","reference_id":"RHSA-2021:2664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2664"},{"reference_url":"https://usn.ubuntu.com/USN-5315-1/","reference_id":"USN-USN-5315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5315-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373575","purl":"pkg:alpm/archlinux/ansible-core@2.11.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373575","purl":"pkg:alpm/archlinux/ansible-core@2.11.3-1","type":"alpm","namespace":"archlinux","name":"ansible-core","version":"2.11.3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6601","vulnerability_id":"VCID-axc3-wcsk-q3eg","summary":"A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51071","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50964","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51006","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50925","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51077","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51033","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54927","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5492","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54875","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e"},{"reference_url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847"},{"reference_url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1"},{"reference_url":"https://github.com/ansible/ansible/pull/74960","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/74960"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2663","reference_id":"RHSA-2021:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2664","reference_id":"RHSA-2021:2664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2664"},{"reference_url":"https://usn.ubuntu.com/USN-5315-1/","reference_id":"USN-USN-5315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5315-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373575","purl":"pkg:alpm/archlinux/ansible-core@2.11.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/370978","purl":"pkg:alpm/archlinux/ansible-core@2.12.1-1","type":"alpm","namespace":"archlinux","name":"ansible-core","version":"2.12.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80116","vulnerability_id":"VCID-65k9-7a9y-cuaw","summary":"ansible: Secrets leakage vulnerability with ansible collections and ansible galaxy","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3681.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3681","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13156","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13253","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1315","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13179","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1333","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13128","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13229","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13192","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13043","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13045","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13147","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13118","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12924","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13159","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3681"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1989407","reference_id":"1989407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1989407"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"}],"fixed_packages":[],"aliases":["CVE-2021-3681"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65k9-7a9y-cuaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8498","vulnerability_id":"VCID-geaa-6dxx-tbcw","summary":"A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3871","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3872","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3874","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4703","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4750","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4750"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3620"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52364","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52521","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52442","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52417","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52412","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.5236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52418","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52456","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52499","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52455","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52437","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52484","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/"}],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/"}],"url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620","reference_id":"CVE-2021-3620","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620"},{"reference_url":"https://usn.ubuntu.com/USN-5315-1/","reference_id":"USN-USN-5315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5315-1/"}],"fixed_packages":[],"aliases":["CVE-2021-3620","GHSA-4r65-35qq-ch8j","PYSEC-2022-164"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-geaa-6dxx-tbcw"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.12.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374242","purl":"pkg:alpm/archlinux/ant@1.10.7-1","type":"alpm","namespace":"archlinux","name":"ant","version":"1.10.7-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.10.9-1","latest_non_vulnerable_version":"1.10.11-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32534","vulnerability_id":"VCID-53z5-f3xj-z7bf","summary":"Sensitive Data Exposure in Apache Ant\nApache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04955","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05501","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05432","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11129","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11034","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1086","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1092","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11031","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11085","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10947","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11078","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945"},{"reference_url":"https://security.gentoo.org/glsa/202007-34","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202007-34"},{"reference_url":"https://usn.ubuntu.com/4380-1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4380-1"},{"reference_url":"https://usn.ubuntu.com/4380-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4380-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/09/30/6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/09/30/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/06/1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/06/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444","reference_id":"1837444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630","reference_id":"960630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630"},{"reference_url":"https://security.archlinux.org/ASA-202005-15","reference_id":"ASA-202005-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-15"},{"reference_url":"https://security.archlinux.org/AVG-1159","reference_id":"AVG-1159","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1159"},{"reference_url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9","reference_id":"GHSA-4p6w-m9wc-c9c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2618","reference_id":"RHSA-2020:2618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4960","reference_id":"RHSA-2020:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4961","reference_id":"RHSA-2020:4961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"},{"reference_url":"https://usn.ubuntu.com/USN-4874-1/","reference_id":"USN-USN-4874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374193","purl":"pkg:alpm/archlinux/ant@1.10.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-unby-h128-v3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1"}],"aliases":["CVE-2020-1945","GHSA-4p6w-m9wc-c9c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374193","purl":"pkg:alpm/archlinux/ant@1.10.8-1","type":"alpm","namespace":"archlinux","name":"ant","version":"1.10.8-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.10.9-1","latest_non_vulnerable_version":"1.10.11-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37476","vulnerability_id":"VCID-unby-h128-v3bk","summary":"Code injection in Apache Ant\nAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78196","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78158","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78145","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78111","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78112","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78265","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78186","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/ant","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant"},{"reference_url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979"},{"reference_url":"https://security.gentoo.org/glsa/202011-18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202011-18"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702","reference_id":"1903702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612","reference_id":"971612","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612"},{"reference_url":"https://security.archlinux.org/ASA-202012-5","reference_id":"ASA-202012-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-5"},{"reference_url":"https://security.archlinux.org/AVG-1312","reference_id":"AVG-1312","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1312"},{"reference_url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68","reference_id":"GHSA-f62v-xpxf-3v68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374194","purl":"pkg:alpm/archlinux/ant@1.10.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1"}],"aliases":["CVE-2020-11979","GHSA-f62v-xpxf-3v68","GHSA-j45w-qrgf-25vm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32534","vulnerability_id":"VCID-53z5-f3xj-z7bf","summary":"Sensitive Data Exposure in Apache Ant\nApache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04955","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05501","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05432","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11129","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11034","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1086","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1092","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11031","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11085","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10947","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11078","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945"},{"reference_url":"https://security.gentoo.org/glsa/202007-34","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202007-34"},{"reference_url":"https://usn.ubuntu.com/4380-1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4380-1"},{"reference_url":"https://usn.ubuntu.com/4380-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4380-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/09/30/6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/09/30/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/06/1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/06/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444","reference_id":"1837444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630","reference_id":"960630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630"},{"reference_url":"https://security.archlinux.org/ASA-202005-15","reference_id":"ASA-202005-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-15"},{"reference_url":"https://security.archlinux.org/AVG-1159","reference_id":"AVG-1159","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1159"},{"reference_url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9","reference_id":"GHSA-4p6w-m9wc-c9c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2618","reference_id":"RHSA-2020:2618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4960","reference_id":"RHSA-2020:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4961","reference_id":"RHSA-2020:4961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"},{"reference_url":"https://usn.ubuntu.com/USN-4874-1/","reference_id":"USN-USN-4874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374193","purl":"pkg:alpm/archlinux/ant@1.10.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-unby-h128-v3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1"}],"aliases":["CVE-2020-1945","GHSA-4p6w-m9wc-c9c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374194","purl":"pkg:alpm/archlinux/ant@1.10.9-1","type":"alpm","namespace":"archlinux","name":"ant","version":"1.10.9-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.10.11-1","latest_non_vulnerable_version":"1.10.11-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37476","vulnerability_id":"VCID-unby-h128-v3bk","summary":"Code injection in Apache Ant\nAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78196","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78158","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78145","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78111","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78112","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78265","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78186","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/ant","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant"},{"reference_url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979"},{"reference_url":"https://security.gentoo.org/glsa/202011-18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202011-18"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702","reference_id":"1903702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612","reference_id":"971612","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612"},{"reference_url":"https://security.archlinux.org/ASA-202012-5","reference_id":"ASA-202012-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-5"},{"reference_url":"https://security.archlinux.org/AVG-1312","reference_id":"AVG-1312","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1312"},{"reference_url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68","reference_id":"GHSA-f62v-xpxf-3v68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374194","purl":"pkg:alpm/archlinux/ant@1.10.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1"}],"aliases":["CVE-2020-11979","GHSA-f62v-xpxf-3v68","GHSA-j45w-qrgf-25vm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374777","purl":"pkg:alpm/archlinux/ant@1.10.10-1","type":"alpm","namespace":"archlinux","name":"ant","version":"1.10.10-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.10.11-1","latest_non_vulnerable_version":"1.10.11-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10910","vulnerability_id":"VCID-2a6z-dfqf-5ycb","summary":"Uncontrolled Resource Consumption\nWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json"},{"reference_url":"https://ant.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ant.apache.org/security.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36373","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24348","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24279","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27848","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28259","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28108","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27917","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27751","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27839","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27756","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27772","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210819-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210819-0007/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982336","reference_id":"1982336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982336"},{"reference_url":"https://security.archlinux.org/ASA-202107-43","reference_id":"ASA-202107-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-43"},{"reference_url":"https://security.archlinux.org/AVG-2151","reference_id":"AVG-2151","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36373","reference_id":"CVE-2021-36373","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36373"},{"reference_url":"https://github.com/advisories/GHSA-q5r4-cfpx-h6fh","reference_id":"GHSA-q5r4-cfpx-h6fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5r4-cfpx-h6fh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5903","reference_id":"RHSA-2022:5903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374778","purl":"pkg:alpm/archlinux/ant@1.10.11-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1"}],"aliases":["CVE-2021-36373","GHSA-q5r4-cfpx-h6fh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10909","vulnerability_id":"VCID-6uzy-57uy-zkfw","summary":"Uncontrolled Resource Consumption\nWhen reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json"},{"reference_url":"https://ant.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ant.apache.org/security.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36374","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29966","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33719","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34245","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34232","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34198","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33717","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33599","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33668","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33711","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33621","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33644","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210819-0007"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982331","reference_id":"1982331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982331"},{"reference_url":"https://security.archlinux.org/ASA-202107-43","reference_id":"ASA-202107-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-43"},{"reference_url":"https://security.archlinux.org/AVG-2151","reference_id":"AVG-2151","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36374","reference_id":"CVE-2021-36374","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36374"},{"reference_url":"https://github.com/advisories/GHSA-5v34-g2px-j4fw","reference_id":"GHSA-5v34-g2px-j4fw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v34-g2px-j4fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374778","purl":"pkg:alpm/archlinux/ant@1.10.11-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1"}],"aliases":["CVE-2021-36374","GHSA-5v34-g2px-j4fw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.10-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374778","purl":"pkg:alpm/archlinux/ant@1.10.11-1","type":"alpm","namespace":"archlinux","name":"ant","version":"1.10.11-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10910","vulnerability_id":"VCID-2a6z-dfqf-5ycb","summary":"Uncontrolled Resource Consumption\nWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json"},{"reference_url":"https://ant.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ant.apache.org/security.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36373","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24348","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24279","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27848","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28259","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28108","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27917","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27751","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27839","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27756","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27772","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210819-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210819-0007/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982336","reference_id":"1982336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982336"},{"reference_url":"https://security.archlinux.org/ASA-202107-43","reference_id":"ASA-202107-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-43"},{"reference_url":"https://security.archlinux.org/AVG-2151","reference_id":"AVG-2151","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36373","reference_id":"CVE-2021-36373","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36373"},{"reference_url":"https://github.com/advisories/GHSA-q5r4-cfpx-h6fh","reference_id":"GHSA-q5r4-cfpx-h6fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5r4-cfpx-h6fh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5903","reference_id":"RHSA-2022:5903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374778","purl":"pkg:alpm/archlinux/ant@1.10.11-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1"}],"aliases":["CVE-2021-36373","GHSA-q5r4-cfpx-h6fh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10909","vulnerability_id":"VCID-6uzy-57uy-zkfw","summary":"Uncontrolled Resource Consumption\nWhen reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json"},{"reference_url":"https://ant.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ant.apache.org/security.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36374","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29966","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33719","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34245","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34232","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34198","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33717","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33599","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33668","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33711","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33621","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33644","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210819-0007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210819-0007"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982331","reference_id":"1982331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982331"},{"reference_url":"https://security.archlinux.org/ASA-202107-43","reference_id":"ASA-202107-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-43"},{"reference_url":"https://security.archlinux.org/AVG-2151","reference_id":"AVG-2151","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36374","reference_id":"CVE-2021-36374","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36374"},{"reference_url":"https://github.com/advisories/GHSA-5v34-g2px-j4fw","reference_id":"GHSA-5v34-g2px-j4fw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v34-g2px-j4fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374778","purl":"pkg:alpm/archlinux/ant@1.10.11-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1"}],"aliases":["CVE-2021-36374","GHSA-5v34-g2px-j4fw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373724","purl":"pkg:alpm/archlinux/aom@3.0.0-2","type":"alpm","namespace":"archlinux","name":"aom","version":"3.0.0-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.0-1","latest_non_vulnerable_version":"3.2.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34149","vulnerability_id":"VCID-42kw-yczz-q7f9","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30474","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38172","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38096","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38632","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38589","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3847","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38149","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3816","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38072","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1925","reference_id":"AVG-1925","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1925"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373725","purl":"pkg:alpm/archlinux/aom@3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1"}],"aliases":["CVE-2021-30474"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34148","vulnerability_id":"VCID-ytsf-k9ep-17h3","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30473","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48015","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47941","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47949","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48069","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48064","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.4802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48001","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48012","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.4796","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47878","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47945","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47968","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47911","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211","reference_id":"988211","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211"},{"reference_url":"https://security.archlinux.org/AVG-1925","reference_id":"AVG-1925","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1925"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373725","purl":"pkg:alpm/archlinux/aom@3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1"}],"aliases":["CVE-2021-30473"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.0.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373725","purl":"pkg:alpm/archlinux/aom@3.1.0-1","type":"alpm","namespace":"archlinux","name":"aom","version":"3.1.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.2.0-1","latest_non_vulnerable_version":"3.2.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34149","vulnerability_id":"VCID-42kw-yczz-q7f9","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30474","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38172","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38096","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38632","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38589","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3847","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38149","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3816","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38072","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1925","reference_id":"AVG-1925","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1925"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373725","purl":"pkg:alpm/archlinux/aom@3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1"}],"aliases":["CVE-2021-30474"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34148","vulnerability_id":"VCID-ytsf-k9ep-17h3","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30473","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48015","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47941","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47949","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48069","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48064","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.4802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48001","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48012","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.4796","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47878","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47945","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47968","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47911","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211","reference_id":"988211","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211"},{"reference_url":"https://security.archlinux.org/AVG-1925","reference_id":"AVG-1925","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1925"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373725","purl":"pkg:alpm/archlinux/aom@3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1"}],"aliases":["CVE-2021-30473"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373404","purl":"pkg:alpm/archlinux/aom@3.1.3-2","type":"alpm","namespace":"archlinux","name":"aom","version":"3.1.3-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.0-1","latest_non_vulnerable_version":"3.2.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34150","vulnerability_id":"VCID-ed5k-acd1-27hn","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30475","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43596","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43533","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43715","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4377","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43781","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43753","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43548","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43566","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43502","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2039","reference_id":"AVG-2039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2039"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373405","purl":"pkg:alpm/archlinux/aom@3.2.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1"}],"aliases":["CVE-2021-30475"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.3-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373405","purl":"pkg:alpm/archlinux/aom@3.2.0-1","type":"alpm","namespace":"archlinux","name":"aom","version":"3.2.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34150","vulnerability_id":"VCID-ed5k-acd1-27hn","summary":"Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30475","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43596","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43533","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43715","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4377","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43781","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43753","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43548","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43566","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43502","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2039","reference_id":"AVG-2039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2039"},{"reference_url":"https://security.gentoo.org/glsa/202401-32","reference_id":"GLSA-202401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-32"},{"reference_url":"https://usn.ubuntu.com/6447-1/","reference_id":"USN-6447-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6447-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373405","purl":"pkg:alpm/archlinux/aom@3.2.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1"}],"aliases":["CVE-2021-30475"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372977","purl":"pkg:alpm/archlinux/apache@2.4.25-3","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.25-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.26-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3769","vulnerability_id":"VCID-1189-ej89-hybs","summary":"mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169","reference_id":"","reference_type":"","scores":[{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96769","published_at":"2026-05-12T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96756","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96764","published_at":"2026-05-11T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96777","published_at":"2026-05-14T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96761","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96744","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96889","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.9698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96995","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197","reference_id":"1463197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3169.json","reference_id":"CVE-2017-3169","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3169.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-3169"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3772","vulnerability_id":"VCID-fyrq-yg2u-jkc7","summary":"mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679","reference_id":"","reference_type":"","scores":[{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96711","published_at":"2026-05-14T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96668","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96689","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96695","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96699","published_at":"2026-05-11T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96704","published_at":"2026-05-12T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96715","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.9673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96742","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96726","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207","reference_id":"1463207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7679.json","reference_id":"CVE-2017-7679","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7679.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7679"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3768","vulnerability_id":"VCID-qayj-kts9-3fde","summary":"Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167","reference_id":"","reference_type":"","scores":[{"value":"0.08717","scoring_system":"epss","scoring_elements":"0.92571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92874","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92892","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92906","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.9292","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92928","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92873","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194","reference_id":"1463194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3167.json","reference_id":"CVE-2017-3167","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3167.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-3167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3771","vulnerability_id":"VCID-twj7-4qwm-2khv","summary":"The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7668","reference_id":"","reference_type":"","scores":[{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98399","published_at":"2026-05-09T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98405","published_at":"2026-05-14T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98401","published_at":"2026-05-12T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98398","published_at":"2026-05-11T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.9847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.9853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.98579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.9858","published_at":"2026-05-07T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.98573","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463205","reference_id":"1463205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463205"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7668.json","reference_id":"CVE-2017-7668","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7668.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7668"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3770","vulnerability_id":"VCID-wshe-gf99-tbg6","summary":"A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7659","reference_id":"","reference_type":"","scores":[{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97283","published_at":"2026-05-14T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97261","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97265","published_at":"2026-05-09T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97271","published_at":"2026-05-11T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97275","published_at":"2026-05-12T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.9723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97244","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97246","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97249","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-04-24T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97257","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463199","reference_id":"1463199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463199"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7659.json","reference_id":"CVE-2017-7659","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7659.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7659"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.25-3"},{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.26-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.27-2","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3769","vulnerability_id":"VCID-1189-ej89-hybs","summary":"mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169","reference_id":"","reference_type":"","scores":[{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96769","published_at":"2026-05-12T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96756","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96764","published_at":"2026-05-11T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96777","published_at":"2026-05-14T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96761","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30773","scoring_system":"epss","scoring_elements":"0.96744","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96889","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.9698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96995","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197","reference_id":"1463197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3169.json","reference_id":"CVE-2017-3169","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3169.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-3169"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3772","vulnerability_id":"VCID-fyrq-yg2u-jkc7","summary":"mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679","reference_id":"","reference_type":"","scores":[{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96711","published_at":"2026-05-14T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96668","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96689","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96695","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96699","published_at":"2026-05-11T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96704","published_at":"2026-05-12T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96715","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.9673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96742","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96726","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207","reference_id":"1463207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7679.json","reference_id":"CVE-2017-7679","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7679.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7679"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3768","vulnerability_id":"VCID-qayj-kts9-3fde","summary":"Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167","reference_id":"","reference_type":"","scores":[{"value":"0.08717","scoring_system":"epss","scoring_elements":"0.92571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92874","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92892","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92906","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.9292","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92928","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92873","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194","reference_id":"1463194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3167.json","reference_id":"CVE-2017-3167","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3167.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-3167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3771","vulnerability_id":"VCID-twj7-4qwm-2khv","summary":"The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7668","reference_id":"","reference_type":"","scores":[{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98399","published_at":"2026-05-09T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98405","published_at":"2026-05-14T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98401","published_at":"2026-05-12T12:55:00Z"},{"value":"0.62784","scoring_system":"epss","scoring_elements":"0.98398","published_at":"2026-05-11T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.9847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64829","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.9853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66384","scoring_system":"epss","scoring_elements":"0.98521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.98579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.9858","published_at":"2026-05-07T12:55:00Z"},{"value":"0.67269","scoring_system":"epss","scoring_elements":"0.98573","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463205","reference_id":"1463205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463205"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7668.json","reference_id":"CVE-2017-7668","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7668.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7668"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3770","vulnerability_id":"VCID-wshe-gf99-tbg6","summary":"A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7659","reference_id":"","reference_type":"","scores":[{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97283","published_at":"2026-05-14T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97261","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97265","published_at":"2026-05-09T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97271","published_at":"2026-05-11T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97275","published_at":"2026-05-12T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.9723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97244","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97246","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97249","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-04-24T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.38383","scoring_system":"epss","scoring_elements":"0.97257","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463199","reference_id":"1463199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463199"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7659.json","reference_id":"CVE-2017-7659","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7659.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372978","purl":"pkg:alpm/archlinux/apache@2.4.26-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"}],"aliases":["CVE-2017-7659"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371537","purl":"pkg:alpm/archlinux/apache@2.4.26-3","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.26-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.27-2","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3773","vulnerability_id":"VCID-jt89-ruvk-1kbj","summary":"The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788","reference_id":"","reference_type":"","scores":[{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97699","published_at":"2026-05-05T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97695","published_at":"2026-04-29T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97703","published_at":"2026-05-09T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97827","published_at":"2026-05-14T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97821","published_at":"2026-05-12T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97816","published_at":"2026-05-11T12:55:00Z"},{"value":"0.50243","scoring_system":"epss","scoring_elements":"0.97843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.50243","scoring_system":"epss","scoring_elements":"0.97842","published_at":"2026-04-24T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97924","published_at":"2026-04-02T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.9795","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748","reference_id":"1470748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467","reference_id":"868467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9788.json","reference_id":"CVE-2017-9788","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9788.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2708","reference_id":"RHSA-2017:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2709","reference_id":"RHSA-2017:2709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2710","reference_id":"RHSA-2017:2710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://usn.ubuntu.com/3370-1/","reference_id":"USN-3370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-1/"},{"reference_url":"https://usn.ubuntu.com/3370-2/","reference_id":"USN-3370-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371538","purl":"pkg:alpm/archlinux/apache@2.4.27-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1"}],"aliases":["CVE-2017-9788"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3774","vulnerability_id":"VCID-khfr-kgtb-rfam","summary":"When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789","reference_id":"","reference_type":"","scores":[{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90854","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90845","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90866","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.9383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93796","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93863","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93872","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93881","published_at":"2026-05-07T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93892","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93858","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93864","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93867","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750","reference_id":"1470750","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9789.json","reference_id":"CVE-2017-9789","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9789.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371538","purl":"pkg:alpm/archlinux/apache@2.4.27-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1"}],"aliases":["CVE-2017-9789"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-3"},{"url":"http://public2.vulnerablecode.io/api/packages/371538","purl":"pkg:alpm/archlinux/apache@2.4.27-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.27-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.27-2","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3775","vulnerability_id":"VCID-5bej-9h7w-33c8","summary":"When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/09/18/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2017/09/18/2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3113","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3114","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3114"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798","reference_id":"","reference_type":"","scores":[{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99862","published_at":"2026-04-01T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-05-14T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99867","published_at":"2026-05-11T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99866","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99864","published_at":"2026-04-12T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99865","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798"},{"reference_url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"},{"reference_url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Sep/22","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2024/Sep/22"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"},{"reference_url":"https://github.com/hannob/optionsbleed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hannob/optionsbleed"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180601-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180601-0003/"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2017-9798"},{"reference_url":"https://support.apple.com/HT208331","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT208331"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"},{"reference_url":"https://www.exploit-db.com/exploits/42745/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/42745/"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.debian.org/security/2017/dsa-3980","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3980"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/100872","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100872"},{"reference_url":"http://www.securityfocus.com/bid/105598","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105598"},{"reference_url":"http://www.securitytracker.com/id/1039387","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344","reference_id":"1490344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109","reference_id":"876109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109"},{"reference_url":"https://security.archlinux.org/ASA-201709-15","reference_id":"ASA-201709-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-15"},{"reference_url":"https://security.archlinux.org/AVG-404","reference_id":"AVG-404","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-404"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9798.json","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9798.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798"},{"reference_url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2882","reference_id":"RHSA-2017:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2972","reference_id":"RHSA-2017:2972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3018","reference_id":"RHSA-2017:3018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3425-1/","reference_id":"USN-3425-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-1/"},{"reference_url":"https://usn.ubuntu.com/3425-2/","reference_id":"USN-3425-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372929","purl":"pkg:alpm/archlinux/apache@2.4.27-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2"}],"aliases":["CVE-2017-9798"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3773","vulnerability_id":"VCID-jt89-ruvk-1kbj","summary":"The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788","reference_id":"","reference_type":"","scores":[{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97699","published_at":"2026-05-05T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97695","published_at":"2026-04-29T12:55:00Z"},{"value":"0.47063","scoring_system":"epss","scoring_elements":"0.97703","published_at":"2026-05-09T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97827","published_at":"2026-05-14T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97821","published_at":"2026-05-12T12:55:00Z"},{"value":"0.49498","scoring_system":"epss","scoring_elements":"0.97816","published_at":"2026-05-11T12:55:00Z"},{"value":"0.50243","scoring_system":"epss","scoring_elements":"0.97843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.50243","scoring_system":"epss","scoring_elements":"0.97842","published_at":"2026-04-24T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97924","published_at":"2026-04-02T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.9795","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748","reference_id":"1470748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467","reference_id":"868467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9788.json","reference_id":"CVE-2017-9788","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9788.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2708","reference_id":"RHSA-2017:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2709","reference_id":"RHSA-2017:2709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2710","reference_id":"RHSA-2017:2710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://usn.ubuntu.com/3370-1/","reference_id":"USN-3370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-1/"},{"reference_url":"https://usn.ubuntu.com/3370-2/","reference_id":"USN-3370-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371538","purl":"pkg:alpm/archlinux/apache@2.4.27-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1"}],"aliases":["CVE-2017-9788"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3774","vulnerability_id":"VCID-khfr-kgtb-rfam","summary":"When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789","reference_id":"","reference_type":"","scores":[{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90854","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90845","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06093","scoring_system":"epss","scoring_elements":"0.90866","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.9383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93796","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93863","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93872","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93881","published_at":"2026-05-07T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93892","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93858","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93864","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93867","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750","reference_id":"1470750","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9789.json","reference_id":"CVE-2017-9789","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9789.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371538","purl":"pkg:alpm/archlinux/apache@2.4.27-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1"}],"aliases":["CVE-2017-9789"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372929","purl":"pkg:alpm/archlinux/apache@2.4.27-2","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.27-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.33-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3775","vulnerability_id":"VCID-5bej-9h7w-33c8","summary":"When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/09/18/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2017/09/18/2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3113","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3114","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3114"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798","reference_id":"","reference_type":"","scores":[{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99862","published_at":"2026-04-01T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-05-14T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99867","published_at":"2026-05-11T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99866","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99864","published_at":"2026-04-12T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99865","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798"},{"reference_url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"},{"reference_url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Sep/22","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2024/Sep/22"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"},{"reference_url":"https://github.com/hannob/optionsbleed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hannob/optionsbleed"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180601-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180601-0003/"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2017-9798"},{"reference_url":"https://support.apple.com/HT208331","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT208331"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"},{"reference_url":"https://www.exploit-db.com/exploits/42745/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/42745/"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.debian.org/security/2017/dsa-3980","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3980"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/100872","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100872"},{"reference_url":"http://www.securityfocus.com/bid/105598","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105598"},{"reference_url":"http://www.securitytracker.com/id/1039387","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344","reference_id":"1490344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109","reference_id":"876109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109"},{"reference_url":"https://security.archlinux.org/ASA-201709-15","reference_id":"ASA-201709-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-15"},{"reference_url":"https://security.archlinux.org/AVG-404","reference_id":"AVG-404","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-404"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9798.json","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9798.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798"},{"reference_url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2882","reference_id":"RHSA-2017:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2972","reference_id":"RHSA-2017:2972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3018","reference_id":"RHSA-2017:3018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3425-1/","reference_id":"USN-3425-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-1/"},{"reference_url":"https://usn.ubuntu.com/3425-2/","reference_id":"USN-3425-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372929","purl":"pkg:alpm/archlinux/apache@2.4.27-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2"}],"aliases":["CVE-2017-9798"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374397","purl":"pkg:alpm/archlinux/apache@2.4.29-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.29-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.33-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3778","vulnerability_id":"VCID-9qdr-1v39-d7b7","summary":"When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283","reference_id":"","reference_type":"","scores":[{"value":"0.02927","scoring_system":"epss","scoring_elements":"0.86456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87316","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87334","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88115","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88113","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88127","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88086","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88101","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395","reference_id":"1560395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1283.json","reference_id":"CVE-2018-1283","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1283.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1283"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3780","vulnerability_id":"VCID-apfh-r85v-dbhz","summary":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302","reference_id":"","reference_type":"","scores":[{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93863","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.9387","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93828","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93833","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93838","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93842","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93852","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625","reference_id":"1560625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1302.json","reference_id":"CVE-2018-1302","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1302.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1302"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3782","vulnerability_id":"VCID-fqem-96w3-rucb","summary":"When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312","reference_id":"","reference_type":"","scores":[{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91458","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91487","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91512","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91496","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91685","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91677","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91683","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91664","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634","reference_id":"1560634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1312.json","reference_id":"CVE-2018-1312","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1312.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1898","reference_id":"RHSA-2019:1898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1898"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1312"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3779","vulnerability_id":"VCID-jzuw-73df-mfff","summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301","reference_id":"","reference_type":"","scores":[{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91846","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91845","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91852","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91825","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91836","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643","reference_id":"1560643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1301.json","reference_id":"CVE-2018-1301","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1301.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1301"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3777","vulnerability_id":"VCID-q5wm-suxb-jfeb","summary":"The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715","reference_id":"","reference_type":"","scores":[{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99841","published_at":"2026-05-07T12:55:00Z"},{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99843","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.9991","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614","reference_id":"1560614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15715.json","reference_id":"CVE-2017-15715","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15715.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2017-15715"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3781","vulnerability_id":"VCID-scf1-zmu7-e3b2","summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303","reference_id":"","reference_type":"","scores":[{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96886","published_at":"2026-05-14T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96875","published_at":"2026-05-12T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96861","published_at":"2026-05-07T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96867","published_at":"2026-05-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-18T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399","reference_id":"1560399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1303.json","reference_id":"CVE-2018-1303","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1303.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3776","vulnerability_id":"VCID-zc2p-sfu7-jkhc","summary":"mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710","reference_id":"","reference_type":"","scores":[{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92113","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92097","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92104","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92111","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.9385","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93829","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93832","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.9382","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599","reference_id":"1560599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15710.json","reference_id":"CVE-2017-15710","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15710.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2017-15710"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.29-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.33-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.34-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3778","vulnerability_id":"VCID-9qdr-1v39-d7b7","summary":"When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283","reference_id":"","reference_type":"","scores":[{"value":"0.02927","scoring_system":"epss","scoring_elements":"0.86456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87316","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87334","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88115","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88113","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88127","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88086","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88101","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395","reference_id":"1560395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1283.json","reference_id":"CVE-2018-1283","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1283.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1283"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3780","vulnerability_id":"VCID-apfh-r85v-dbhz","summary":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302","reference_id":"","reference_type":"","scores":[{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93863","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.9387","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93828","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93833","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93838","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93842","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93852","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625","reference_id":"1560625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1302.json","reference_id":"CVE-2018-1302","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1302.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1302"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3782","vulnerability_id":"VCID-fqem-96w3-rucb","summary":"When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312","reference_id":"","reference_type":"","scores":[{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91458","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91487","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91512","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06949","scoring_system":"epss","scoring_elements":"0.91496","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91685","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91677","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91683","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91664","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634","reference_id":"1560634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1312.json","reference_id":"CVE-2018-1312","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1312.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1898","reference_id":"RHSA-2019:1898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1898"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1312"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3779","vulnerability_id":"VCID-jzuw-73df-mfff","summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301","reference_id":"","reference_type":"","scores":[{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91846","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91845","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91852","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91825","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91836","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643","reference_id":"1560643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1301.json","reference_id":"CVE-2018-1301","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1301.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1301"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3777","vulnerability_id":"VCID-q5wm-suxb-jfeb","summary":"The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715","reference_id":"","reference_type":"","scores":[{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99841","published_at":"2026-05-07T12:55:00Z"},{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99843","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.9991","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614","reference_id":"1560614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15715.json","reference_id":"CVE-2017-15715","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15715.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2017-15715"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3781","vulnerability_id":"VCID-scf1-zmu7-e3b2","summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303","reference_id":"","reference_type":"","scores":[{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96886","published_at":"2026-05-14T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96875","published_at":"2026-05-12T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96861","published_at":"2026-05-07T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96867","published_at":"2026-05-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-18T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399","reference_id":"1560399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1303.json","reference_id":"CVE-2018-1303","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1303.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2018-1303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3776","vulnerability_id":"VCID-zc2p-sfu7-jkhc","summary":"mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710","reference_id":"","reference_type":"","scores":[{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92113","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92097","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92104","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92111","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.9385","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93829","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93832","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.93809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11987","scoring_system":"epss","scoring_elements":"0.9382","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599","reference_id":"1560599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15710.json","reference_id":"CVE-2017-15710","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15710.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374398","purl":"pkg:alpm/archlinux/apache@2.4.33-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"}],"aliases":["CVE-2017-15710"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374375","purl":"pkg:alpm/archlinux/apache@2.4.33-3","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.33-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.34-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3783","vulnerability_id":"VCID-9vzm-qtye-ufh2","summary":"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3558","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333","reference_id":"","reference_type":"","scores":[{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92958","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93007","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92971","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.9297","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.15119","scoring_system":"epss","scoring_elements":"0.94612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-05-07T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95855","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95859","published_at":"2026-05-11T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95864","published_at":"2026-05-12T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95835","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0007/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securitytracker.com/id/1041402","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048","reference_id":"1605048","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106","reference_id":"904106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1333.json","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1333.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374376","purl":"pkg:alpm/archlinux/apache@2.4.34-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1"}],"aliases":["CVE-2018-1333"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3784","vulnerability_id":"VCID-qc9j-x576-ayc1","summary":"By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8011","reference_id":"","reference_type":"","scores":[{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99199","published_at":"2026-04-01T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99222","published_at":"2026-05-14T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99215","published_at":"2026-05-05T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99217","published_at":"2026-05-07T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99219","published_at":"2026-05-11T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99203","published_at":"2026-04-04T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99208","published_at":"2026-04-16T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.9921","published_at":"2026-04-21T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99214","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0007/"},{"reference_url":"http://www.securitytracker.com/id/1041401","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605052","reference_id":"1605052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107","reference_id":"904107","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-8011.json","reference_id":"CVE-2018-8011","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-8011.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8011","reference_id":"CVE-2018-8011","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8011"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374376","purl":"pkg:alpm/archlinux/apache@2.4.34-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1"}],"aliases":["CVE-2018-8011"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374376","purl":"pkg:alpm/archlinux/apache@2.4.34-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.34-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.39-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3783","vulnerability_id":"VCID-9vzm-qtye-ufh2","summary":"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3558","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333","reference_id":"","reference_type":"","scores":[{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92958","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93007","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.93","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92971","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.9297","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.15119","scoring_system":"epss","scoring_elements":"0.94612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-05-07T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95855","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95859","published_at":"2026-05-11T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95864","published_at":"2026-05-12T12:55:00Z"},{"value":"0.22311","scoring_system":"epss","scoring_elements":"0.95835","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0007/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securitytracker.com/id/1041402","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048","reference_id":"1605048","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106","reference_id":"904106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1333.json","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1333.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374376","purl":"pkg:alpm/archlinux/apache@2.4.34-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1"}],"aliases":["CVE-2018-1333"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3784","vulnerability_id":"VCID-qc9j-x576-ayc1","summary":"By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8011","reference_id":"","reference_type":"","scores":[{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99199","published_at":"2026-04-01T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99222","published_at":"2026-05-14T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99215","published_at":"2026-05-05T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99217","published_at":"2026-05-07T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99219","published_at":"2026-05-11T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99203","published_at":"2026-04-04T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99208","published_at":"2026-04-16T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.9921","published_at":"2026-04-21T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.8201","scoring_system":"epss","scoring_elements":"0.99214","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0007/"},{"reference_url":"http://www.securitytracker.com/id/1041401","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605052","reference_id":"1605052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107","reference_id":"904107","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-8011.json","reference_id":"CVE-2018-8011","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-8011.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8011","reference_id":"CVE-2018-8011","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8011"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374376","purl":"pkg:alpm/archlinux/apache@2.4.34-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1"}],"aliases":["CVE-2018-8011"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372612","purl":"pkg:alpm/archlinux/apache@2.4.37-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.37-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.39-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3786","vulnerability_id":"VCID-7u2r-egf2-vfhx","summary":"By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189","reference_id":"","reference_type":"","scores":[{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90359","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.9036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90345","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90305","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.9031","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.9197","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91925","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91948","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91947","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91954","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91912","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106685","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497","reference_id":"1668497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302","reference_id":"920302","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17189.json","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17189.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2018-17189"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3788","vulnerability_id":"VCID-7vjg-vetg-p7f6","summary":"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0190","reference_id":"","reference_type":"","scores":[{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95079","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95042","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95045","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95056","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95061","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.9538","published_at":"2026-05-14T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95348","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95356","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95361","published_at":"2026-05-11T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95367","published_at":"2026-05-12T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95342","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/106743","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106743"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668488","reference_id":"1668488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220","reference_id":"920220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0190.json","reference_id":"CVE-2019-0190","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0190.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0190","reference_id":"CVE-2019-0190","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2019-0190"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3787","vulnerability_id":"VCID-ct26-19cq-8kd7","summary":"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199","reference_id":"","reference_type":"","scores":[{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93285","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93277","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.933","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93254","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93268","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93257","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93264","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93266","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.9322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93233","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106742","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106742"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493","reference_id":"1668493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303","reference_id":"920303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17199.json","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17199.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1809","reference_id":"RHSA-2021:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1809"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2018-17199"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.37-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.38-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.39-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3790","vulnerability_id":"VCID-4sss-a8ne-kqbc","summary":"When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84539","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84397","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84449","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84507","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84523","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042","reference_id":"1695042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0197.json","reference_id":"CVE-2019-0197","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0197.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0197"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3789","vulnerability_id":"VCID-6vxq-uxxw-ybeh","summary":"Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196","reference_id":"","reference_type":"","scores":[{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92467","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92461","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92426","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92437","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92487","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92457","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.9283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92847","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92854","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92856","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92841","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92831","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030","reference_id":"1695030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0196.json","reference_id":"CVE-2019-0196","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0196.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3791","vulnerability_id":"VCID-ehv1-yvpu-ubcg","summary":"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"},{"reference_url":"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0959","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHBA-2019:0959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0211","reference_id":"","reference_type":"","scores":[{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99568","published_at":"2026-05-14T12:55:00Z"},{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99567","published_at":"2026-05-12T12:55:00Z"},{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90159","scoring_system":"epss","scoring_elements":"0.99586","published_at":"2026-04-01T12:55:00Z"},{"value":"0.90177","scoring_system":"epss","scoring_elements":"0.99597","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90177","scoring_system":"epss","scoring_elements":"0.99596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9026","scoring_system":"epss","scoring_elements":"0.99593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.9026","scoring_system":"epss","scoring_elements":"0.99594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99637","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99633","published_at":"2026-04-16T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99639","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/16","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/16"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.f5.com/csp/article/K32957101","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://support.f5.com/csp/article/K32957101"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.exploit-db.com/exploits/46676/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.exploit-db.com/exploits/46676/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_14","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_14"},{"reference_url":"http://www.apache.org/dist/httpd/CHANGES_2.4.39","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.apache.org/dist/httpd/CHANGES_2.4.39"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/26/7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/26/7"},{"reference_url":"http://www.securityfocus.com/bid/107666","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.securityfocus.com/bid/107666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694980","reference_id":"1694980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694980"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php","reference_id":"CVE-2019-0211","reference_type":"exploit","scores":[],"url":"https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php","reference_id":"CVE-2019-0211","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0211.json","reference_id":"CVE-2019-0211","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0211.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0211","reference_id":"CVE-2019-0211","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0211"},{"reference_url":"https://security.gentoo.org/glsa/201904-20","reference_id":"GLSA-201904-20","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://security.gentoo.org/glsa/201904-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0746","reference_id":"RHSA-2019:0746","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0980","reference_id":"RHSA-2019:0980","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1296","reference_id":"RHSA-2019:1296","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1297","reference_id":"RHSA-2019:1297","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1297"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0211"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3793","vulnerability_id":"VCID-ugdv-apr8-g3bz","summary":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0215","reference_id":"","reference_type":"","scores":[{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90634","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90637","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90593","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.9181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91771","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91791","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91801","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.f5.com/csp/article/K59440504","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K59440504"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/4"},{"reference_url":"http://www.securityfocus.com/bid/107667","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695025","reference_id":"1695025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695025"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0215.json","reference_id":"CVE-2019-0215","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0215.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0215","reference_id":"CVE-2019-0215","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0980","reference_id":"RHSA-2019:0980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0215"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3795","vulnerability_id":"VCID-uwqg-yytc-vfae","summary":"When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0220","reference_id":"","reference_type":"","scores":[{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95498","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95507","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95512","published_at":"2026-04-11T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.9553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95903","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95905","published_at":"2026-05-11T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95911","published_at":"2026-05-12T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95895","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95897","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695036","reference_id":"1695036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695036"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0220.json","reference_id":"CVE-2019-0220","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0220.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2343","reference_id":"RHSA-2019:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3436","reference_id":"RHSA-2019:3436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0250","reference_id":"RHSA-2020:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0251","reference_id":"RHSA-2020:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0251"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0220"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3794","vulnerability_id":"VCID-w6p6-u8ku-k3f6","summary":"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217","reference_id":"","reference_type":"","scores":[{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97529","published_at":"2026-05-14T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97506","published_at":"2026-05-05T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97513","published_at":"2026-05-09T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97515","published_at":"2026-05-11T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.9752","published_at":"2026-05-12T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-04-09T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97496","published_at":"2026-04-16T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97499","published_at":"2026-04-21T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/5"},{"reference_url":"http://www.securityfocus.com/bid/107668","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020","reference_id":"1695020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0217.json","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0217.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2343","reference_id":"RHSA-2019:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3436","reference_id":"RHSA-2019:3436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0217"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3786","vulnerability_id":"VCID-7u2r-egf2-vfhx","summary":"By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189","reference_id":"","reference_type":"","scores":[{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90359","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.9036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90345","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90305","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.9031","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.9197","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91925","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91948","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91947","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91954","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.91912","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106685","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497","reference_id":"1668497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302","reference_id":"920302","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17189.json","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17189.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2018-17189"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3788","vulnerability_id":"VCID-7vjg-vetg-p7f6","summary":"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0190","reference_id":"","reference_type":"","scores":[{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95079","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95042","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95045","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95056","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95061","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17386","scoring_system":"epss","scoring_elements":"0.95065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.9538","published_at":"2026-05-14T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95348","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95356","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95361","published_at":"2026-05-11T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95367","published_at":"2026-05-12T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18924","scoring_system":"epss","scoring_elements":"0.95342","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/106743","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106743"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668488","reference_id":"1668488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220","reference_id":"920220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0190.json","reference_id":"CVE-2019-0190","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0190.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0190","reference_id":"CVE-2019-0190","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2019-0190"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3787","vulnerability_id":"VCID-ct26-19cq-8kd7","summary":"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199","reference_id":"","reference_type":"","scores":[{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93285","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93277","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.933","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93254","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10423","scoring_system":"epss","scoring_elements":"0.93268","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93257","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93264","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93266","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.9322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93233","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106742","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106742"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493","reference_id":"1668493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303","reference_id":"920303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17199.json","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17199.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1809","reference_id":"RHSA-2021:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1809"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371357","purl":"pkg:alpm/archlinux/apache@2.4.38-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"}],"aliases":["CVE-2018-17199"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.39-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.43-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3790","vulnerability_id":"VCID-4sss-a8ne-kqbc","summary":"When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84539","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84397","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84449","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84507","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84523","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042","reference_id":"1695042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0197.json","reference_id":"CVE-2019-0197","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0197.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0197"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3789","vulnerability_id":"VCID-6vxq-uxxw-ybeh","summary":"Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196","reference_id":"","reference_type":"","scores":[{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92467","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92461","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92426","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92437","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92487","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92457","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.9283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92847","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92854","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92856","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92841","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92831","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030","reference_id":"1695030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0196.json","reference_id":"CVE-2019-0196","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0196.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3791","vulnerability_id":"VCID-ehv1-yvpu-ubcg","summary":"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"},{"reference_url":"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0959","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHBA-2019:0959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0211","reference_id":"","reference_type":"","scores":[{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99568","published_at":"2026-05-14T12:55:00Z"},{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99567","published_at":"2026-05-12T12:55:00Z"},{"value":"0.89568","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90159","scoring_system":"epss","scoring_elements":"0.99586","published_at":"2026-04-01T12:55:00Z"},{"value":"0.90177","scoring_system":"epss","scoring_elements":"0.99597","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90177","scoring_system":"epss","scoring_elements":"0.99596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9026","scoring_system":"epss","scoring_elements":"0.99593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.9026","scoring_system":"epss","scoring_elements":"0.99594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99637","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99633","published_at":"2026-04-16T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90908","scoring_system":"epss","scoring_elements":"0.99639","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/16","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/16"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.f5.com/csp/article/K32957101","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://support.f5.com/csp/article/K32957101"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.exploit-db.com/exploits/46676/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.exploit-db.com/exploits/46676/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_14","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_14"},{"reference_url":"http://www.apache.org/dist/httpd/CHANGES_2.4.39","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.apache.org/dist/httpd/CHANGES_2.4.39"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/26/7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/26/7"},{"reference_url":"http://www.securityfocus.com/bid/107666","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"http://www.securityfocus.com/bid/107666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694980","reference_id":"1694980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694980"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php","reference_id":"CVE-2019-0211","reference_type":"exploit","scores":[],"url":"https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php","reference_id":"CVE-2019-0211","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0211.json","reference_id":"CVE-2019-0211","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0211.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0211","reference_id":"CVE-2019-0211","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0211"},{"reference_url":"https://security.gentoo.org/glsa/201904-20","reference_id":"GLSA-201904-20","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://security.gentoo.org/glsa/201904-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0746","reference_id":"RHSA-2019:0746","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0980","reference_id":"RHSA-2019:0980","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1296","reference_id":"RHSA-2019:1296","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1297","reference_id":"RHSA-2019:1297","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1297"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/"}],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0211"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3793","vulnerability_id":"VCID-ugdv-apr8-g3bz","summary":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0215","reference_id":"","reference_type":"","scores":[{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90634","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90637","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90593","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05872","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.9181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91771","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91791","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07501","scoring_system":"epss","scoring_elements":"0.91801","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.f5.com/csp/article/K59440504","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K59440504"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/4"},{"reference_url":"http://www.securityfocus.com/bid/107667","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695025","reference_id":"1695025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695025"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0215.json","reference_id":"CVE-2019-0215","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0215.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0215","reference_id":"CVE-2019-0215","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0980","reference_id":"RHSA-2019:0980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0215"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3795","vulnerability_id":"VCID-uwqg-yytc-vfae","summary":"When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0220","reference_id":"","reference_type":"","scores":[{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95498","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95507","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95512","published_at":"2026-04-11T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.9553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20275","scoring_system":"epss","scoring_elements":"0.95528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95903","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95905","published_at":"2026-05-11T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95911","published_at":"2026-05-12T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95895","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22688","scoring_system":"epss","scoring_elements":"0.95897","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695036","reference_id":"1695036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695036"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0220.json","reference_id":"CVE-2019-0220","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0220.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2343","reference_id":"RHSA-2019:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3436","reference_id":"RHSA-2019:3436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0250","reference_id":"RHSA-2020:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0251","reference_id":"RHSA-2020:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0251"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0220"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3794","vulnerability_id":"VCID-w6p6-u8ku-k3f6","summary":"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217","reference_id":"","reference_type":"","scores":[{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97529","published_at":"2026-05-14T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97506","published_at":"2026-05-05T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97513","published_at":"2026-05-09T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97515","published_at":"2026-05-11T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.9752","published_at":"2026-05-12T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-04-09T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97496","published_at":"2026-04-16T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97499","published_at":"2026-04-21T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/5"},{"reference_url":"http://www.securityfocus.com/bid/107668","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020","reference_id":"1695020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0217.json","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0217.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2343","reference_id":"RHSA-2019:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3436","reference_id":"RHSA-2019:3436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371358","purl":"pkg:alpm/archlinux/apache@2.4.39-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"}],"aliases":["CVE-2019-0217"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374909","purl":"pkg:alpm/archlinux/apache@2.4.41-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.41-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.43-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3803","vulnerability_id":"VCID-5xrt-1n1q-4bey","summary":"In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927","reference_id":"","reference_type":"","scores":[{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91226","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91217","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91236","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91189","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.9356","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93563","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93547","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93527","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/04/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761","reference_id":"1820761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1927.json","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1927.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2263","reference_id":"RHSA-2020:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374910","purl":"pkg:alpm/archlinux/apache@2.4.43-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1"}],"aliases":["CVE-2020-1927"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3804","vulnerability_id":"VCID-auhk-ppv5-buaa","summary":"in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934","reference_id":"","reference_type":"","scores":[{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96445","published_at":"2026-05-14T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96435","published_at":"2026-05-12T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.9643","published_at":"2026-05-11T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96418","published_at":"2026-05-05T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-05-09T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96421","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97257","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97258","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97262","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97221","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97233","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772","reference_id":"1820772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1934.json","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1934.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374910","purl":"pkg:alpm/archlinux/apache@2.4.43-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1"}],"aliases":["CVE-2020-1934"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa"}],"fixing_vulnerabilities":[],"risk_score":"2.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.41-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374910","purl":"pkg:alpm/archlinux/apache@2.4.43-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.43-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3803","vulnerability_id":"VCID-5xrt-1n1q-4bey","summary":"In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927","reference_id":"","reference_type":"","scores":[{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91226","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91217","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91236","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91189","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0656","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.9356","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93563","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93547","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93527","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/04/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761","reference_id":"1820761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1927.json","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1927.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2263","reference_id":"RHSA-2020:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374910","purl":"pkg:alpm/archlinux/apache@2.4.43-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1"}],"aliases":["CVE-2020-1927"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3804","vulnerability_id":"VCID-auhk-ppv5-buaa","summary":"in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934","reference_id":"","reference_type":"","scores":[{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96445","published_at":"2026-05-14T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96435","published_at":"2026-05-12T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.9643","published_at":"2026-05-11T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96418","published_at":"2026-05-05T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-05-09T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96421","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97257","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97258","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97262","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97221","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97233","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772","reference_id":"1820772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1934.json","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1934.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374910","purl":"pkg:alpm/archlinux/apache@2.4.43-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1"}],"aliases":["CVE-2020-1934"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373701","purl":"pkg:alpm/archlinux/apache@2.4.46-3","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.46-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3813","vulnerability_id":"VCID-17hy-4ppt-xyhw","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691","reference_id":"","reference_type":"","scores":[{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97365","published_at":"2026-04-29T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.9736","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97359","published_at":"2026-04-18T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97745","published_at":"2026-05-14T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97732","published_at":"2026-05-11T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97737","published_at":"2026-05-12T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732","reference_id":"1966732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26691.json","reference_id":"CVE-2021-26691","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26691.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-26691"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3811","vulnerability_id":"VCID-66k7-maf9-dfcd","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452","reference_id":"","reference_type":"","scores":[{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93241","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93258","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.9321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93224","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.9332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93315","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724","reference_id":"1966724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-35452.json","reference_id":"CVE-2020-35452","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-35452.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-35452"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3809","vulnerability_id":"VCID-91u7-vh6n-v7fm","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21811","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21634","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21782","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32343","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32365","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32364","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32426","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32438","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006","reference_id":"1970006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006"},{"reference_url":"https://security.archlinux.org/AVG-2054","reference_id":"AVG-2054","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2054"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13938.json","reference_id":"CVE-2020-13938","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13938.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-13938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3810","vulnerability_id":"VCID-9ych-ybpr-j3h6","summary":"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950","reference_id":"","reference_type":"","scores":[{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95779","published_at":"2026-05-14T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95761","published_at":"2026-05-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95765","published_at":"2026-05-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95714","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95734","published_at":"2026-04-26T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95749","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738","reference_id":"1966738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13950.json","reference_id":"CVE-2020-13950","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13950.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5163","reference_id":"RHSA-2022:5163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5163"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-13950"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3812","vulnerability_id":"VCID-bvkg-nrwd-e7g8","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690","reference_id":"","reference_type":"","scores":[{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.9859","published_at":"2026-05-14T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-05-12T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98585","published_at":"2026-05-05T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729","reference_id":"1966729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26690.json","reference_id":"CVE-2021-26690","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26690.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-26690"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3802","vulnerability_id":"VCID-f2y3-s6j8-7ygr","summary":"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567","reference_id":"","reference_type":"","scores":[{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93987","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93963","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93969","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93952","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740","reference_id":"1966740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-17567.json","reference_id":"CVE-2019-17567","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-17567.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2019-17567"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3814","vulnerability_id":"VCID-g6xr-qtwz-2yaq","summary":"Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641","reference_id":"","reference_type":"","scores":[{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97162","published_at":"2026-05-14T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97144","published_at":"2026-05-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97149","published_at":"2026-05-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97155","published_at":"2026-05-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.9711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97119","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97131","published_at":"2026-04-26T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97132","published_at":"2026-04-29T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97139","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743","reference_id":"1966743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-30641.json","reference_id":"CVE-2021-30641","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-30641.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-30641"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq"}],"fixing_vulnerabilities":[],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.46-3"},{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.47-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3815","vulnerability_id":"VCID-6b7y-562y-suce","summary":"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618","reference_id":"","reference_type":"","scores":[{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93392","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93491","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93484","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93485","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93474","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013","reference_id":"1968013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/13/2","reference_id":"2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"},{"reference_url":"https://seclists.org/oss-sec/2021/q2/206","reference_id":"206","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://seclists.org/oss-sec/2021/q2/206"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/","reference_id":"2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/06/10/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562","reference_id":"989562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/","reference_id":"A73QJ4HPUMU26I6EULG6SCK67TUEXZYR","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"reference_url":"https://security.archlinux.org/ASA-202106-23","reference_id":"ASA-202106-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-23"},{"reference_url":"https://security.archlinux.org/AVG-2041","reference_id":"AVG-2041","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2041"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-31618.json","reference_id":"CVE-2021-31618","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-31618.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4937","reference_id":"dsa-4937","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://www.debian.org/security/2021/dsa-4937"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0008/","reference_id":"ntap-20210727-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210727-0008/"},{"reference_url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_id":"r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_id":"r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371900","purl":"pkg:alpm/archlinux/apache@2.4.48-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1"}],"aliases":["CVE-2021-31618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3813","vulnerability_id":"VCID-17hy-4ppt-xyhw","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691","reference_id":"","reference_type":"","scores":[{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97365","published_at":"2026-04-29T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.9736","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97359","published_at":"2026-04-18T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97745","published_at":"2026-05-14T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97732","published_at":"2026-05-11T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97737","published_at":"2026-05-12T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732","reference_id":"1966732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26691.json","reference_id":"CVE-2021-26691","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26691.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-26691"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3811","vulnerability_id":"VCID-66k7-maf9-dfcd","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452","reference_id":"","reference_type":"","scores":[{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93241","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93258","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.9321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93224","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.9332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93315","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724","reference_id":"1966724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-35452.json","reference_id":"CVE-2020-35452","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-35452.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-35452"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3809","vulnerability_id":"VCID-91u7-vh6n-v7fm","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21811","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21634","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21782","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32343","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32365","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32364","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32426","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32438","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006","reference_id":"1970006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006"},{"reference_url":"https://security.archlinux.org/AVG-2054","reference_id":"AVG-2054","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2054"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13938.json","reference_id":"CVE-2020-13938","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13938.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-13938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3810","vulnerability_id":"VCID-9ych-ybpr-j3h6","summary":"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950","reference_id":"","reference_type":"","scores":[{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95779","published_at":"2026-05-14T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95761","published_at":"2026-05-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95765","published_at":"2026-05-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95714","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95734","published_at":"2026-04-26T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95749","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738","reference_id":"1966738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13950.json","reference_id":"CVE-2020-13950","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13950.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5163","reference_id":"RHSA-2022:5163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5163"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2020-13950"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3812","vulnerability_id":"VCID-bvkg-nrwd-e7g8","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690","reference_id":"","reference_type":"","scores":[{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.9859","published_at":"2026-05-14T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-05-12T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98585","published_at":"2026-05-05T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729","reference_id":"1966729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26690.json","reference_id":"CVE-2021-26690","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26690.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-26690"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3802","vulnerability_id":"VCID-f2y3-s6j8-7ygr","summary":"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567","reference_id":"","reference_type":"","scores":[{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93987","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93963","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93969","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93952","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740","reference_id":"1966740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-17567.json","reference_id":"CVE-2019-17567","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-17567.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2019-17567"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3814","vulnerability_id":"VCID-g6xr-qtwz-2yaq","summary":"Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641","reference_id":"","reference_type":"","scores":[{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97162","published_at":"2026-05-14T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97144","published_at":"2026-05-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97149","published_at":"2026-05-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97155","published_at":"2026-05-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.9711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97119","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97131","published_at":"2026-04-26T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97132","published_at":"2026-04-29T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97139","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743","reference_id":"1966743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-30641.json","reference_id":"CVE-2021-30641","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-30641.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372043","purl":"pkg:alpm/archlinux/apache@2.4.47-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b7y-562y-suce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"}],"aliases":["CVE-2021-30641"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371900","purl":"pkg:alpm/archlinux/apache@2.4.48-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.48-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3817","vulnerability_id":"VCID-9u53-b79b-cfgd","summary":"Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798","reference_id":"","reference_type":"","scores":[{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93255","published_at":"2026-05-14T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93231","published_at":"2026-05-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93238","published_at":"2026-05-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93201","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93207","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128","reference_id":"2005128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-34798.json","reference_id":"CVE-2021-34798","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-34798.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-34798"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3816","vulnerability_id":"VCID-db6k-j9mj-e7hy","summary":"A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.6858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69863","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69866","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69913","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69818","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72839","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72866","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72841","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72892","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72943","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728","reference_id":"1966728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-33193.json","reference_id":"CVE-2021-33193","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-33193.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-33193"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3820","vulnerability_id":"VCID-mtg7-8556-kbgd","summary":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438","reference_id":"","reference_type":"","scores":[{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-05-11T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99986","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99984","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117","reference_id":"2005117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_id":"cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-40438.json","reference_id":"CVE-2021-40438","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-40438.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4982","reference_id":"dsa-4982","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.debian.org/security/2021/dsa-4982"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211008-0004/","reference_id":"ntap-20211008-0004","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211008-0004/"},{"reference_url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_id":"r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_id":"r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_id":"r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_id":"r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_id":"r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_id":"r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_id":"rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3745","reference_id":"RHSA-2021:3745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3746","reference_id":"RHSA-2021:3746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3754","reference_id":"RHSA-2021:3754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3836","reference_id":"RHSA-2021:3836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3837","reference_id":"RHSA-2021:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3856","reference_id":"RHSA-2021:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","reference_id":"SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","reference_id":"ssa-685781.pdf","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"},{"reference_url":"https://www.tenable.com/security/tns-2021-17","reference_id":"tns-2021-17","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.tenable.com/security/tns-2021-17"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/","reference_id":"ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-40438"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3818","vulnerability_id":"VCID-rdtq-8ng5-53fn","summary":"A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160","reference_id":"","reference_type":"","scores":[{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89452","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89421","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89431","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89382","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89391","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89409","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124","reference_id":"2005124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-36160.json","reference_id":"CVE-2021-36160","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-36160.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-36160"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3819","vulnerability_id":"VCID-wrw6-uzz4-rkfb","summary":"ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275","reference_id":"","reference_type":"","scores":[{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-05-14T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97229","published_at":"2026-05-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-05-12T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97183","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97193","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119","reference_id":"2005119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-39275.json","reference_id":"CVE-2021-39275","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-39275.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-39275"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3815","vulnerability_id":"VCID-6b7y-562y-suce","summary":"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618","reference_id":"","reference_type":"","scores":[{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93392","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93491","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93484","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93485","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93474","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013","reference_id":"1968013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/13/2","reference_id":"2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"},{"reference_url":"https://seclists.org/oss-sec/2021/q2/206","reference_id":"206","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://seclists.org/oss-sec/2021/q2/206"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/","reference_id":"2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/06/10/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562","reference_id":"989562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/","reference_id":"A73QJ4HPUMU26I6EULG6SCK67TUEXZYR","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"reference_url":"https://security.archlinux.org/ASA-202106-23","reference_id":"ASA-202106-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-23"},{"reference_url":"https://security.archlinux.org/AVG-2041","reference_id":"AVG-2041","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2041"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-31618.json","reference_id":"CVE-2021-31618","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-31618.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4937","reference_id":"dsa-4937","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://www.debian.org/security/2021/dsa-4937"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0008/","reference_id":"ntap-20210727-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210727-0008/"},{"reference_url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_id":"r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_id":"r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371900","purl":"pkg:alpm/archlinux/apache@2.4.48-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1"}],"aliases":["CVE-2021-31618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.49-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3822","vulnerability_id":"VCID-ffpe-1ctd-77e9","summary":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773","reference_id":"","reference_type":"","scores":[{"value":"0.94391","scoring_system":"epss","scoring_elements":"0.99973","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94433","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/05/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/05/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757","reference_id":"2010757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh","reference_id":"CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41773.json","reference_id":"CVE-2021-41773","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41773.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py","reference_id":"CVE-2021-42013;CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_id":"r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_id":"r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371170","purl":"pkg:alpm/archlinux/apache@2.4.50-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1"}],"aliases":["CVE-2021-41773"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3821","vulnerability_id":"VCID-hj5r-jms3-x3fe","summary":"While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524","reference_id":"","reference_type":"","scores":[{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91488","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91607","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9159","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91599","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91534","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91535","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9155","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91581","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91592","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934","reference_id":"2010934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41524.json","reference_id":"CVE-2021-41524","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41524.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371170","purl":"pkg:alpm/archlinux/apache@2.4.50-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1"}],"aliases":["CVE-2021-41524"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3817","vulnerability_id":"VCID-9u53-b79b-cfgd","summary":"Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798","reference_id":"","reference_type":"","scores":[{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93255","published_at":"2026-05-14T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93231","published_at":"2026-05-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93238","published_at":"2026-05-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93201","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93207","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128","reference_id":"2005128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-34798.json","reference_id":"CVE-2021-34798","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-34798.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-34798"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3816","vulnerability_id":"VCID-db6k-j9mj-e7hy","summary":"A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.6858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69863","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69866","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69913","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69818","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72839","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72866","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72841","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72892","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72943","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728","reference_id":"1966728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-33193.json","reference_id":"CVE-2021-33193","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-33193.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-33193"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3820","vulnerability_id":"VCID-mtg7-8556-kbgd","summary":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438","reference_id":"","reference_type":"","scores":[{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-05-11T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99986","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99984","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117","reference_id":"2005117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_id":"cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-40438.json","reference_id":"CVE-2021-40438","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-40438.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4982","reference_id":"dsa-4982","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.debian.org/security/2021/dsa-4982"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211008-0004/","reference_id":"ntap-20211008-0004","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211008-0004/"},{"reference_url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_id":"r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_id":"r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_id":"r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_id":"r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_id":"r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_id":"r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_id":"rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3745","reference_id":"RHSA-2021:3745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3746","reference_id":"RHSA-2021:3746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3754","reference_id":"RHSA-2021:3754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3836","reference_id":"RHSA-2021:3836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3837","reference_id":"RHSA-2021:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3856","reference_id":"RHSA-2021:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","reference_id":"SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","reference_id":"ssa-685781.pdf","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"},{"reference_url":"https://www.tenable.com/security/tns-2021-17","reference_id":"tns-2021-17","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.tenable.com/security/tns-2021-17"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/","reference_id":"ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-40438"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3818","vulnerability_id":"VCID-rdtq-8ng5-53fn","summary":"A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160","reference_id":"","reference_type":"","scores":[{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89452","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89421","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89431","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89382","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89391","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89409","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124","reference_id":"2005124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-36160.json","reference_id":"CVE-2021-36160","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-36160.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-36160"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3819","vulnerability_id":"VCID-wrw6-uzz4-rkfb","summary":"ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275","reference_id":"","reference_type":"","scores":[{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-05-14T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97229","published_at":"2026-05-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-05-12T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97183","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97193","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119","reference_id":"2005119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-39275.json","reference_id":"CVE-2021-39275","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-39275.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371879","purl":"pkg:alpm/archlinux/apache@2.4.49-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"}],"aliases":["CVE-2021-39275"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371170","purl":"pkg:alpm/archlinux/apache@2.4.50-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.50-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.51-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3823","vulnerability_id":"VCID-qn74-neyt-jkg9","summary":"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.  An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.  \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013","reference_id":"","reference_type":"","scores":[{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99977","published_at":"2026-04-21T12:55:00Z"},{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99978","published_at":"2026-05-11T12:55:00Z"},{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99979","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900","reference_id":"2011900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"https://www.povilaika.com/apache-2-4-50-exploit/","reference_id":"apache-2-4-50-exploit","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://www.povilaika.com/apache-2-4-50-exploit/"},{"reference_url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_id":"Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html"},{"reference_url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/ASA-202110-1","reference_id":"ASA-202110-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-1"},{"reference_url":"https://security.archlinux.org/AVG-2450","reference_id":"AVG-2450","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2450"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-42013.json","reference_id":"CVE-2021-42013","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-42013.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"http://jvn.jp/en/jp/JVN51106450/index.html","reference_id":"index.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://jvn.jp/en/jp/JVN51106450/index.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371171","purl":"pkg:alpm/archlinux/apache@2.4.51-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1"}],"aliases":["CVE-2021-42013"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3822","vulnerability_id":"VCID-ffpe-1ctd-77e9","summary":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773","reference_id":"","reference_type":"","scores":[{"value":"0.94391","scoring_system":"epss","scoring_elements":"0.99973","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94433","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/05/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/05/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757","reference_id":"2010757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh","reference_id":"CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41773.json","reference_id":"CVE-2021-41773","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41773.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py","reference_id":"CVE-2021-42013;CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_id":"r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_id":"r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371170","purl":"pkg:alpm/archlinux/apache@2.4.50-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1"}],"aliases":["CVE-2021-41773"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3821","vulnerability_id":"VCID-hj5r-jms3-x3fe","summary":"While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524","reference_id":"","reference_type":"","scores":[{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91488","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91607","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9159","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91599","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91534","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91535","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9155","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91581","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91592","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934","reference_id":"2010934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41524.json","reference_id":"CVE-2021-41524","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41524.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371170","purl":"pkg:alpm/archlinux/apache@2.4.50-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1"}],"aliases":["CVE-2021-41524"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371171","purl":"pkg:alpm/archlinux/apache@2.4.51-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.51-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.54-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3823","vulnerability_id":"VCID-qn74-neyt-jkg9","summary":"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.  An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.  \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013","reference_id":"","reference_type":"","scores":[{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99977","published_at":"2026-04-21T12:55:00Z"},{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99978","published_at":"2026-05-11T12:55:00Z"},{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99979","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900","reference_id":"2011900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"https://www.povilaika.com/apache-2-4-50-exploit/","reference_id":"apache-2-4-50-exploit","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://www.povilaika.com/apache-2-4-50-exploit/"},{"reference_url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_id":"Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html"},{"reference_url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/ASA-202110-1","reference_id":"ASA-202110-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-1"},{"reference_url":"https://security.archlinux.org/AVG-2450","reference_id":"AVG-2450","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2450"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-42013.json","reference_id":"CVE-2021-42013","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-42013.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"http://jvn.jp/en/jp/JVN51106450/index.html","reference_id":"index.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://jvn.jp/en/jp/JVN51106450/index.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371171","purl":"pkg:alpm/archlinux/apache@2.4.51-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1"}],"aliases":["CVE-2021-42013"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373212","purl":"pkg:alpm/archlinux/apache@2.4.53-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.53-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.54-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3833","vulnerability_id":"VCID-4d3t-es7p-9qhn","summary":"Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.  While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615","reference_id":"","reference_type":"","scores":[{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76587","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76569","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76642","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76592","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76575","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.7814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78215","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78229","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78242","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006","reference_id":"2095006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/","reference_id":"7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/08/9","reference_id":"9","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/06/08/9"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28615.json","reference_id":"CVE-2022-28615","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28615.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220624-0005/","reference_id":"ntap-20220624-0005","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220624-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/","reference_id":"YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-28615"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3834","vulnerability_id":"VCID-d36c-rrxh-ybgv","summary":"In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404","reference_id":"","reference_type":"","scores":[{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83875","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83841","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83809","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84797","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84819","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84843","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84853","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012","reference_id":"2095012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-29404.json","reference_id":"CVE-2022-29404","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-29404.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-29404"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3835","vulnerability_id":"VCID-gv84-vfvh-y7hu","summary":"If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522","reference_id":"","reference_type":"","scores":[{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93214","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93198","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93179","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93676","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93674","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93662","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93627","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93638","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015","reference_id":"2095015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30522.json","reference_id":"CVE-2022-30522","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30522.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-30522"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3836","vulnerability_id":"VCID-hm3f-m22n-u3gy","summary":"Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556","reference_id":"","reference_type":"","scores":[{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65711","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65786","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65696","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.6574","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6626","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66264","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66279","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66286","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66301","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018","reference_id":"2095018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30556.json","reference_id":"CVE-2022-30556","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30556.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-30556"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3832","vulnerability_id":"VCID-na94-5565-dyfc","summary":"The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68891","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6897","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68916","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68925","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69305","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69359","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69337","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6922","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6924","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69271","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69289","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002","reference_id":"2095002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28614.json","reference_id":"CVE-2022-28614","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28614.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-28614"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3837","vulnerability_id":"VCID-p2a1-afnh-7qca","summary":"Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11032","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13161","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13224","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1312","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13379","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13305","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14801","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14681","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14722","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14592","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020","reference_id":"2095020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-31813.json","reference_id":"CVE-2022-31813","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-31813.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-31813"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3830","vulnerability_id":"VCID-qm7e-n9ay-hufy","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377","reference_id":"","reference_type":"","scores":[{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97275","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97298","published_at":"2026-05-14T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.9729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97285","published_at":"2026-05-11T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97279","published_at":"2026-05-09T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97297","published_at":"2026-04-16T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97299","published_at":"2026-04-18T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97302","published_at":"2026-04-26T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97304","published_at":"2026-04-29T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.9732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997","reference_id":"2094997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-26377.json","reference_id":"CVE-2022-26377","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-26377.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-26377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.53-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.54-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.55-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3833","vulnerability_id":"VCID-4d3t-es7p-9qhn","summary":"Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.  While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615","reference_id":"","reference_type":"","scores":[{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76587","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76569","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76642","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76592","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76575","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.7814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78215","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78229","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78242","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006","reference_id":"2095006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/","reference_id":"7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/08/9","reference_id":"9","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/06/08/9"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28615.json","reference_id":"CVE-2022-28615","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28615.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220624-0005/","reference_id":"ntap-20220624-0005","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220624-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/","reference_id":"YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-28615"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3834","vulnerability_id":"VCID-d36c-rrxh-ybgv","summary":"In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404","reference_id":"","reference_type":"","scores":[{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83875","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83841","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83809","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02008","scoring_system":"epss","scoring_elements":"0.83826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84797","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84819","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84843","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84853","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012","reference_id":"2095012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-29404.json","reference_id":"CVE-2022-29404","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-29404.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-29404"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3835","vulnerability_id":"VCID-gv84-vfvh-y7hu","summary":"If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522","reference_id":"","reference_type":"","scores":[{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93214","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93198","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93179","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10194","scoring_system":"epss","scoring_elements":"0.93189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93676","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93674","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93662","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93627","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93638","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015","reference_id":"2095015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30522.json","reference_id":"CVE-2022-30522","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30522.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-30522"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3836","vulnerability_id":"VCID-hm3f-m22n-u3gy","summary":"Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556","reference_id":"","reference_type":"","scores":[{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65711","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65786","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65696","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.6574","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6626","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66264","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66279","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66286","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66301","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018","reference_id":"2095018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30556.json","reference_id":"CVE-2022-30556","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30556.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-30556"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3832","vulnerability_id":"VCID-na94-5565-dyfc","summary":"The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68891","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6897","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68916","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68925","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69305","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69359","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69337","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6922","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6924","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69271","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69289","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002","reference_id":"2095002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28614.json","reference_id":"CVE-2022-28614","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28614.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-28614"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3837","vulnerability_id":"VCID-p2a1-afnh-7qca","summary":"Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11032","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13161","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13224","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1312","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13379","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13305","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14801","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14681","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14722","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14592","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020","reference_id":"2095020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-31813.json","reference_id":"CVE-2022-31813","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-31813.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-31813"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3830","vulnerability_id":"VCID-qm7e-n9ay-hufy","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377","reference_id":"","reference_type":"","scores":[{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97275","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97298","published_at":"2026-05-14T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.9729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97285","published_at":"2026-05-11T12:55:00Z"},{"value":"0.3867","scoring_system":"epss","scoring_elements":"0.97279","published_at":"2026-05-09T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97297","published_at":"2026-04-16T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97299","published_at":"2026-04-18T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97302","published_at":"2026-04-26T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97304","published_at":"2026-04-29T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.9732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997","reference_id":"2094997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-26377.json","reference_id":"CVE-2022-26377","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-26377.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373213","purl":"pkg:alpm/archlinux/apache@2.4.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"}],"aliases":["CVE-2022-26377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371052","purl":"pkg:alpm/archlinux/apache@2.4.54-3","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.54-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.55-1","latest_non_vulnerable_version":"2.4.55-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3838","vulnerability_id":"VCID-6qk8-1cj1-4fh7","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52606","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52497","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52439","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52492","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52538","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52501","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52527","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52481","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52581","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52588","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52524","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52534","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777","reference_id":"2161777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-36760.json","reference_id":"CVE-2022-36760","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-36760.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2022-36760"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3691","vulnerability_id":"VCID-fz8c-b8r4-1yb8","summary":"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001","reference_id":"","reference_type":"","scores":[{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63315","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63273","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63234","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6326","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63174","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63188","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63196","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63198","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63212","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63178","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774","reference_id":"2161774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2006-20001.json","reference_id":"CVE-2006-20001","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2006-20001.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2006-20001"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3839","vulnerability_id":"VCID-htfx-mahy-9kde","summary":"Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64264","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67696","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67692","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67617","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6763","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67638","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6775","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773","reference_id":"2161773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-37436.json","reference_id":"CVE-2022-37436","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-37436.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"},{"reference_url":"https://usn.ubuntu.com/5839-2/","reference_id":"USN-5839-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2022-37436"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-3"},{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","type":"alpm","namespace":"archlinux","name":"apache","version":"2.4.55-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3838","vulnerability_id":"VCID-6qk8-1cj1-4fh7","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52606","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52497","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52439","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52492","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52538","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52501","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52527","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52481","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52581","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52588","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52524","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52534","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777","reference_id":"2161777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-36760.json","reference_id":"CVE-2022-36760","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-36760.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2022-36760"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3691","vulnerability_id":"VCID-fz8c-b8r4-1yb8","summary":"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001","reference_id":"","reference_type":"","scores":[{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63315","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63273","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63234","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6326","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63174","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63188","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63196","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63198","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63212","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63178","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774","reference_id":"2161774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2006-20001.json","reference_id":"CVE-2006-20001","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2006-20001.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2006-20001"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3839","vulnerability_id":"VCID-htfx-mahy-9kde","summary":"Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64264","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67696","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67692","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67617","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6763","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67638","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6775","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773","reference_id":"2161773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-37436.json","reference_id":"CVE-2022-37436","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-37436.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"},{"reference_url":"https://usn.ubuntu.com/5839-2/","reference_id":"USN-5839-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371053","purl":"pkg:alpm/archlinux/apache@2.4.55-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"}],"aliases":["CVE-2022-37436"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374484","purl":"pkg:alpm/archlinux/apr@1.6.2-1","type":"alpm","namespace":"archlinux","name":"apr","version":"1.6.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.3-1","latest_non_vulnerable_version":"1.6.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83867","vulnerability_id":"VCID-jdxe-krj9-8kax","summary":"apr: Out-of-bounds array deref in apr_time_exp*() functions","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48167","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48231","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48094","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48159","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48184","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48129","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48234","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4828","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48237","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48229","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:M/C:P/I:N/A:P"},{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1807976","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=revision&revision=1807976"},{"reference_url":"http://www.apache.org/dist/apr/Announcement1.x.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/apr/Announcement1.x.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/08/23/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/08/23/1"},{"reference_url":"http://www.securityfocus.com/bid/101560","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101560"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523","reference_id":"1506523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708","reference_id":"879708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708"},{"reference_url":"https://security.archlinux.org/ASA-201710-32","reference_id":"ASA-201710-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-32"},{"reference_url":"https://security.archlinux.org/AVG-469","reference_id":"AVG-469","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-469"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613","reference_id":"CVE-2017-12613","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:P"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3270","reference_id":"RHSA-2017:3270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0316","reference_id":"RHSA-2018:0316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1253","reference_id":"RHSA-2018:1253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1253"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374485","purl":"pkg:alpm/archlinux/apr@1.6.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1"}],"aliases":["CVE-2017-12613"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374485","purl":"pkg:alpm/archlinux/apr@1.6.3-1","type":"alpm","namespace":"archlinux","name":"apr","version":"1.6.3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83867","vulnerability_id":"VCID-jdxe-krj9-8kax","summary":"apr: Out-of-bounds array deref in apr_time_exp*() functions","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48167","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48231","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48094","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48159","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48184","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48129","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48234","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4828","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48237","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48229","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:M/C:P/I:N/A:P"},{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1807976","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=revision&revision=1807976"},{"reference_url":"http://www.apache.org/dist/apr/Announcement1.x.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/apr/Announcement1.x.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/08/23/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/08/23/1"},{"reference_url":"http://www.securityfocus.com/bid/101560","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101560"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523","reference_id":"1506523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708","reference_id":"879708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708"},{"reference_url":"https://security.archlinux.org/ASA-201710-32","reference_id":"ASA-201710-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-32"},{"reference_url":"https://security.archlinux.org/AVG-469","reference_id":"AVG-469","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-469"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613","reference_id":"CVE-2017-12613","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:P"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3270","reference_id":"RHSA-2017:3270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0316","reference_id":"RHSA-2018:0316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1253","reference_id":"RHSA-2018:1253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1253"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374485","purl":"pkg:alpm/archlinux/apr@1.6.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1"}],"aliases":["CVE-2017-12613"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/370975","purl":"pkg:alpm/archlinux/apr@1.7.0-3","type":"alpm","namespace":"archlinux","name":"apr","version":"1.7.0-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80069","vulnerability_id":"VCID-xz52-5z1u-cuf9","summary":"apr: Regression of CVE-2017-12613 fix in apr 1.7","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35940","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18054","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17842","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17903","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17777","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.193","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19398","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19389","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19303","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19264","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19288","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19277","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19236","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1913","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19211","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980328","reference_id":"1980328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789","reference_id":"992789","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789"},{"reference_url":"https://security.archlinux.org/AVG-2313","reference_id":"AVG-2313","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2313"},{"reference_url":"https://usn.ubuntu.com/5056-1/","reference_id":"USN-5056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5056-1/"}],"fixed_packages":[],"aliases":["CVE-2021-35940"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz52-5z1u-cuf9"}],"fixing_vulnerabilities":[],"risk_score":"3.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.7.0-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374959","purl":"pkg:alpm/archlinux/apr-util@1.6.0-1","type":"alpm","namespace":"archlinux","name":"apr-util","version":"1.6.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.1-1","latest_non_vulnerable_version":"1.6.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83868","vulnerability_id":"VCID-8d91-nmr2-hbg7","summary":"apr-util: Out-of-bounds access in corrupted SDBM database","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12618","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45242","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45264","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52782","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52794","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52713","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52658","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5271","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76121","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76108","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76123","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76173","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:M/C:N/I:N/A:P"},{"value":"2.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html"},{"reference_url":"http://www.securityfocus.com/bid/101558","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101558"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506532","reference_id":"1506532","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996","reference_id":"879996","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996"},{"reference_url":"https://security.archlinux.org/ASA-201710-33","reference_id":"ASA-201710-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-33"},{"reference_url":"https://security.archlinux.org/AVG-468","reference_id":"AVG-468","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-468"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12618","reference_id":"CVE-2017-12618","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12618"},{"reference_url":"https://usn.ubuntu.com/5737-1/","reference_id":"USN-5737-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5737-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374960","purl":"pkg:alpm/archlinux/apr-util@1.6.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1"}],"aliases":["CVE-2017-12618"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7"}],"fixing_vulnerabilities":[],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374960","purl":"pkg:alpm/archlinux/apr-util@1.6.1-1","type":"alpm","namespace":"archlinux","name":"apr-util","version":"1.6.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83868","vulnerability_id":"VCID-8d91-nmr2-hbg7","summary":"apr-util: Out-of-bounds access in corrupted SDBM database","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12618","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45242","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45264","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52782","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52794","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52713","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52658","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5271","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76121","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76108","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76123","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76173","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:M/C:N/I:N/A:P"},{"value":"2.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html"},{"reference_url":"http://www.securityfocus.com/bid/101558","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101558"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506532","reference_id":"1506532","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996","reference_id":"879996","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996"},{"reference_url":"https://security.archlinux.org/ASA-201710-33","reference_id":"ASA-201710-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-33"},{"reference_url":"https://security.archlinux.org/AVG-468","reference_id":"AVG-468","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-468"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12618","reference_id":"CVE-2017-12618","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12618"},{"reference_url":"https://usn.ubuntu.com/5737-1/","reference_id":"USN-5737-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5737-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374960","purl":"pkg:alpm/archlinux/apr-util@1.6.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1"}],"aliases":["CVE-2017-12618"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372072","purl":"pkg:alpm/archlinux/argocd@2.0.1-1","type":"alpm","namespace":"archlinux","name":"argocd","version":"2.0.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80271","vulnerability_id":"VCID-bpzz-9qe3-2kdg","summary":"argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3557.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3557.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3557","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39861","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40009","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39955","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40021","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40032","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39995","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39996","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39727","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39641","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39511","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39576","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39592","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39505","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3953","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39601","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3557"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961929","reference_id":"1961929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961929"},{"reference_url":"https://security.archlinux.org/AVG-1973","reference_id":"AVG-1973","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1973"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2053","reference_id":"RHSA-2021:2053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2053"}],"fixed_packages":[],"aliases":["CVE-2021-3557"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzz-9qe3-2kdg"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/argocd@2.0.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373097","purl":"pkg:alpm/archlinux/ark@16.12.0-1","type":"alpm","namespace":"archlinux","name":"ark","version":"16.12.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"16.12.1-1","latest_non_vulnerable_version":"20.08.0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36095","vulnerability_id":"VCID-ffje-day6-8qg2","summary":"A vulnerability in Ark might allow remote attackers to execute\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5330","reference_id":"","reference_type":"","scores":[{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.6709","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66991","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.6703","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.67003","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.67026","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66876","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66875","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66912","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66942","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66964","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66948","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5330"},{"reference_url":"https://bugs.kde.org/show_bug.cgi?id=374572","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.kde.org/show_bug.cgi?id=374572"},{"reference_url":"https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065","reference_id":"","reference_type":"","scores":[],"url":"https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/01/10/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/01/10/2"},{"reference_url":"http://www.securityfocus.com/bid/95349","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95349"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411819","reference_id":"1411819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411819"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874","reference_id":"850874","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874"},{"reference_url":"https://security.archlinux.org/ASA-201701-18","reference_id":"ASA-201701-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-18"},{"reference_url":"https://security.archlinux.org/AVG-130","reference_id":"AVG-130","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-130"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5330","reference_id":"CVE-2017-5330","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5330"},{"reference_url":"https://security.gentoo.org/glsa/201701-69","reference_id":"GLSA-201701-69","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373098","purl":"pkg:alpm/archlinux/ark@16.12.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1"}],"aliases":["CVE-2017-5330"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373098","purl":"pkg:alpm/archlinux/ark@16.12.1-1","type":"alpm","namespace":"archlinux","name":"ark","version":"16.12.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"20.08.0-2","latest_non_vulnerable_version":"20.08.0-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36095","vulnerability_id":"VCID-ffje-day6-8qg2","summary":"A vulnerability in Ark might allow remote attackers to execute\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5330","reference_id":"","reference_type":"","scores":[{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.6709","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66991","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.6703","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.67003","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.67026","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66876","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66875","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66912","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66942","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66964","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66948","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5330"},{"reference_url":"https://bugs.kde.org/show_bug.cgi?id=374572","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.kde.org/show_bug.cgi?id=374572"},{"reference_url":"https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065","reference_id":"","reference_type":"","scores":[],"url":"https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/01/10/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/01/10/2"},{"reference_url":"http://www.securityfocus.com/bid/95349","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95349"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411819","reference_id":"1411819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411819"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874","reference_id":"850874","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874"},{"reference_url":"https://security.archlinux.org/ASA-201701-18","reference_id":"ASA-201701-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-18"},{"reference_url":"https://security.archlinux.org/AVG-130","reference_id":"AVG-130","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-130"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5330","reference_id":"CVE-2017-5330","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5330"},{"reference_url":"https://security.gentoo.org/glsa/201701-69","reference_id":"GLSA-201701-69","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373098","purl":"pkg:alpm/archlinux/ark@16.12.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1"}],"aliases":["CVE-2017-5330"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372333","purl":"pkg:alpm/archlinux/ark@20.08.0-1","type":"alpm","namespace":"archlinux","name":"ark","version":"20.08.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20.08.0-2","latest_non_vulnerable_version":"20.08.0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34685","vulnerability_id":"VCID-1573-ctpz-bfhh","summary":"Ark was found to allow arbitrary file overwrite, possibly allowing\n    arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24654","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74585","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74654","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74626","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.7458","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74894","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74912","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74965","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74852","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74863","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74921","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880358","reference_id":"1880358","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437","reference_id":"969437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437"},{"reference_url":"https://security.archlinux.org/ASA-202009-2","reference_id":"ASA-202009-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-2"},{"reference_url":"https://security.archlinux.org/AVG-1216","reference_id":"AVG-1216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1216"},{"reference_url":"https://security.gentoo.org/glsa/202010-06","reference_id":"GLSA-202010-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202010-06"},{"reference_url":"https://security.gentoo.org/glsa/202101-06","reference_id":"GLSA-202101-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-06"},{"reference_url":"https://usn.ubuntu.com/4482-1/","reference_id":"USN-4482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4482-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372334","purl":"pkg:alpm/archlinux/ark@20.08.0-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2"}],"aliases":["CVE-2020-24654"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372334","purl":"pkg:alpm/archlinux/ark@20.08.0-2","type":"alpm","namespace":"archlinux","name":"ark","version":"20.08.0-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34685","vulnerability_id":"VCID-1573-ctpz-bfhh","summary":"Ark was found to allow arbitrary file overwrite, possibly allowing\n    arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24654","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74585","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74654","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74626","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.7458","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74894","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74912","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74965","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74852","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74863","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00845","scoring_system":"epss","scoring_elements":"0.74921","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880358","reference_id":"1880358","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437","reference_id":"969437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437"},{"reference_url":"https://security.archlinux.org/ASA-202009-2","reference_id":"ASA-202009-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-2"},{"reference_url":"https://security.archlinux.org/AVG-1216","reference_id":"AVG-1216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1216"},{"reference_url":"https://security.gentoo.org/glsa/202010-06","reference_id":"GLSA-202010-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202010-06"},{"reference_url":"https://security.gentoo.org/glsa/202101-06","reference_id":"GLSA-202101-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-06"},{"reference_url":"https://usn.ubuntu.com/4482-1/","reference_id":"USN-4482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4482-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372334","purl":"pkg:alpm/archlinux/ark@20.08.0-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2"}],"aliases":["CVE-2020-24654"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373657","purl":"pkg:alpm/archlinux/arpwatch@3.1-1","type":"alpm","namespace":"archlinux","name":"arpwatch","version":"3.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80202","vulnerability_id":"VCID-h9sw-exyc-67dz","summary":"arpwatch: Local privilege escalation from runtime user to root","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25321.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25321","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08905","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08823","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08848","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08632","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08707","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08732","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08733","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08583","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0857","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08725","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08738","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08694","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0877","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08857","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25321"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977090","reference_id":"1977090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977090"},{"reference_url":"https://security.archlinux.org/AVG-2110","reference_id":"AVG-2110","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2110"}],"fixed_packages":[],"aliases":["CVE-2021-25321"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9sw-exyc-67dz"}],"fixing_vulnerabilities":[],"risk_score":"3.3","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/arpwatch@3.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373201","purl":"pkg:alpm/archlinux/aspell@0.60.8-2","type":"alpm","namespace":"archlinux","name":"aspell","version":"0.60.8-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.60.8-3","latest_non_vulnerable_version":"0.60.8-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30950","vulnerability_id":"VCID-rtxt-2zns-byan","summary":"A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25051","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1378","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13812","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13905","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13962","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13764","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13855","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1377","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13673","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13736","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.137","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13785","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984066","reference_id":"1984066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984066"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307","reference_id":"991307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307"},{"reference_url":"https://security.archlinux.org/AVG-2178","reference_id":"AVG-2178","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2178"},{"reference_url":"https://security.gentoo.org/glsa/202402-31","reference_id":"GLSA-202402-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1808","reference_id":"RHSA-2022:1808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1808"},{"reference_url":"https://usn.ubuntu.com/5023-1/","reference_id":"USN-5023-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5023-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373202","purl":"pkg:alpm/archlinux/aspell@0.60.8-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3"}],"aliases":["CVE-2019-25051"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan"}],"fixing_vulnerabilities":[],"risk_score":"3.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373202","purl":"pkg:alpm/archlinux/aspell@0.60.8-3","type":"alpm","namespace":"archlinux","name":"aspell","version":"0.60.8-3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30950","vulnerability_id":"VCID-rtxt-2zns-byan","summary":"A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25051","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1378","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13812","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13905","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13962","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13764","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13855","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1377","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13673","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13736","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.137","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13785","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984066","reference_id":"1984066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984066"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307","reference_id":"991307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307"},{"reference_url":"https://security.archlinux.org/AVG-2178","reference_id":"AVG-2178","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2178"},{"reference_url":"https://security.gentoo.org/glsa/202402-31","reference_id":"GLSA-202402-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1808","reference_id":"RHSA-2022:1808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1808"},{"reference_url":"https://usn.ubuntu.com/5023-1/","reference_id":"USN-5023-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5023-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373202","purl":"pkg:alpm/archlinux/aspell@0.60.8-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3"}],"aliases":["CVE-2019-25051"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3"},{"url":"http://public2.vulnerablecode.io/api/packages/373688","purl":"pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1","type":"alpm","namespace":"archlinux","name":"aspnet-runtime","version":"5.0.6.sdk203-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.7.sdk204-1","latest_non_vulnerable_version":"5.0.7.sdk204-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34408","vulnerability_id":"VCID-mkvc-qau4-tqcd","summary":"# Withdrawn\n\nThis advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package.  Thus we have withdrawn this advisory.\n\nThe underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.\n\n# Description.\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\n\n\n### Patches\n\n* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91308","published_at":"2026-04-08T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92652","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92646","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92644","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.9262","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92675","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31957"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31957"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966990","reference_id":"1966990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966990"},{"reference_url":"https://security.archlinux.org/ASA-202106-37","reference_id":"ASA-202106-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-37"},{"reference_url":"https://security.archlinux.org/AVG-2046","reference_id":"AVG-2046","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2046"},{"reference_url":"https://github.com/advisories/GHSA-mcwm-2wmc-6hv4","reference_id":"GHSA-mcwm-2wmc-6hv4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcwm-2wmc-6hv4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2350","reference_id":"RHSA-2021:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2351","reference_id":"RHSA-2021:2351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2352","reference_id":"RHSA-2021:2352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2353","reference_id":"RHSA-2021:2353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2353"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373689","purl":"pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1"}],"aliases":["CVE-2021-31957","GHSA-mcwm-2wmc-6hv4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373689","purl":"pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1","type":"alpm","namespace":"archlinux","name":"aspnet-runtime","version":"5.0.7.sdk204-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34408","vulnerability_id":"VCID-mkvc-qau4-tqcd","summary":"# Withdrawn\n\nThis advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package.  Thus we have withdrawn this advisory.\n\nThe underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.\n\n# Description.\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\n\n\n### Patches\n\n* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91308","published_at":"2026-04-08T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.068","scoring_system":"epss","scoring_elements":"0.91323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92652","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92646","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92644","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.9262","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08957","scoring_system":"epss","scoring_elements":"0.92675","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31957"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31957"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966990","reference_id":"1966990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966990"},{"reference_url":"https://security.archlinux.org/ASA-202106-37","reference_id":"ASA-202106-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-37"},{"reference_url":"https://security.archlinux.org/AVG-2046","reference_id":"AVG-2046","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2046"},{"reference_url":"https://github.com/advisories/GHSA-mcwm-2wmc-6hv4","reference_id":"GHSA-mcwm-2wmc-6hv4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcwm-2wmc-6hv4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2350","reference_id":"RHSA-2021:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2351","reference_id":"RHSA-2021:2351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2352","reference_id":"RHSA-2021:2352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2353","reference_id":"RHSA-2021:2353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2353"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373689","purl":"pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1"}],"aliases":["CVE-2021-31957","GHSA-mcwm-2wmc-6hv4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374159","purl":"pkg:alpm/archlinux/atftp@0.7.2-2","type":"alpm","namespace":"archlinux","name":"atftp","version":"0.7.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.7.2-3","latest_non_vulnerable_version":"0.7.5-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94617","vulnerability_id":"VCID-r2dj-7m5m-7fgq","summary":"An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6097","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52324","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52243","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52168","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52212","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52257","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52303","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52272","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5231","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52216","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52213","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52219","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066","reference_id":"970066","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066"},{"reference_url":"https://security.archlinux.org/ASA-202101-24","reference_id":"ASA-202101-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-24"},{"reference_url":"https://security.archlinux.org/AVG-1395","reference_id":"AVG-1395","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1395"},{"reference_url":"https://usn.ubuntu.com/6334-1/","reference_id":"USN-6334-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6334-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374160","purl":"pkg:alpm/archlinux/atftp@0.7.2-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3"}],"aliases":["CVE-2020-6097"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374160","purl":"pkg:alpm/archlinux/atftp@0.7.2-3","type":"alpm","namespace":"archlinux","name":"atftp","version":"0.7.2-3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.7.5-1","latest_non_vulnerable_version":"0.7.5-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94617","vulnerability_id":"VCID-r2dj-7m5m-7fgq","summary":"An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6097","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52324","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52243","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52168","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52212","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52257","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52303","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52272","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5231","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52216","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52213","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52219","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066","reference_id":"970066","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066"},{"reference_url":"https://security.archlinux.org/ASA-202101-24","reference_id":"ASA-202101-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-24"},{"reference_url":"https://security.archlinux.org/AVG-1395","reference_id":"AVG-1395","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1395"},{"reference_url":"https://usn.ubuntu.com/6334-1/","reference_id":"USN-6334-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6334-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374160","purl":"pkg:alpm/archlinux/atftp@0.7.2-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3"}],"aliases":["CVE-2020-6097"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3"},{"url":"http://public2.vulnerablecode.io/api/packages/373469","purl":"pkg:alpm/archlinux/atftp@0.7.4-1","type":"alpm","namespace":"archlinux","name":"atftp","version":"0.7.4-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.7.5-1","latest_non_vulnerable_version":"0.7.5-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94915","vulnerability_id":"VCID-8gv8-qwdd-5fd2","summary":"tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41054","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65372","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65176","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65251","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65217","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6528","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65298","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65258","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65292","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65302","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65299","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65309","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65336","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65381","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65351","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895","reference_id":"994895","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895"},{"reference_url":"https://security.archlinux.org/AVG-2381","reference_id":"AVG-2381","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2381"},{"reference_url":"https://usn.ubuntu.com/6334-1/","reference_id":"USN-6334-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6334-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373470","purl":"pkg:alpm/archlinux/atftp@0.7.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1"}],"aliases":["CVE-2021-41054"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.4-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373470","purl":"pkg:alpm/archlinux/atftp@0.7.5-1","type":"alpm","namespace":"archlinux","name":"atftp","version":"0.7.5-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94915","vulnerability_id":"VCID-8gv8-qwdd-5fd2","summary":"tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41054","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65372","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65176","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65251","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65217","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6528","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65298","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65258","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65292","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65302","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65299","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65309","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65336","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65381","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65351","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895","reference_id":"994895","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895"},{"reference_url":"https://security.archlinux.org/AVG-2381","reference_id":"AVG-2381","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2381"},{"reference_url":"https://usn.ubuntu.com/6334-1/","reference_id":"USN-6334-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6334-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373470","purl":"pkg:alpm/archlinux/atftp@0.7.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1"}],"aliases":["CVE-2021-41054"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373576","purl":"pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1","type":"alpm","namespace":"archlinux","name":"atomicparsley","version":"20210617.200601.1ac7c08-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20210715.151551.e7ad03a-1","latest_non_vulnerable_version":"20210715.151551.e7ad03a-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808","vulnerability_id":"VCID-w4tx-u3hz-qqet","summary":"Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37232","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69123","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69267","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69275","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69209","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69231","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71016","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71085","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.7114","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71058","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71055","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71093","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366","reference_id":"993366","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366"},{"reference_url":"https://security.archlinux.org/AVG-2253","reference_id":"AVG-2253","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2253"},{"reference_url":"https://security.gentoo.org/glsa/202305-01","reference_id":"GLSA-202305-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373577","purl":"pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1"}],"aliases":["CVE-2021-37232"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35807","vulnerability_id":"VCID-wbxk-gdmk-yudc","summary":"Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37231","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41543","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4156","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4147","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41496","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56979","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56953","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56892","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56894","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56976","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56935","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56932","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56986","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372","reference_id":"993372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375","reference_id":"993375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375"},{"reference_url":"https://security.archlinux.org/AVG-2253","reference_id":"AVG-2253","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2253"},{"reference_url":"https://security.gentoo.org/glsa/202305-01","reference_id":"GLSA-202305-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373577","purl":"pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1"}],"aliases":["CVE-2021-37231"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373577","purl":"pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1","type":"alpm","namespace":"archlinux","name":"atomicparsley","version":"20210715.151551.e7ad03a-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808","vulnerability_id":"VCID-w4tx-u3hz-qqet","summary":"Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37232","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69123","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69267","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69275","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69209","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69231","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71016","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71085","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.7114","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71058","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71055","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71093","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366","reference_id":"993366","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366"},{"reference_url":"https://security.archlinux.org/AVG-2253","reference_id":"AVG-2253","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2253"},{"reference_url":"https://security.gentoo.org/glsa/202305-01","reference_id":"GLSA-202305-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373577","purl":"pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1"}],"aliases":["CVE-2021-37232"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35807","vulnerability_id":"VCID-wbxk-gdmk-yudc","summary":"Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37231","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41543","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4156","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4147","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41496","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56979","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56953","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56892","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56894","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56976","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56935","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56932","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56986","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372","reference_id":"993372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375","reference_id":"993375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375"},{"reference_url":"https://security.archlinux.org/AVG-2253","reference_id":"AVG-2253","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2253"},{"reference_url":"https://security.gentoo.org/glsa/202305-01","reference_id":"GLSA-202305-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373577","purl":"pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1"}],"aliases":["CVE-2021-37231"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374322","purl":"pkg:alpm/archlinux/aubio@0.4.8-1","type":"alpm","namespace":"archlinux","name":"aubio","version":"0.4.8-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.4.9-1","latest_non_vulnerable_version":"0.4.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5892","vulnerability_id":"VCID-7kh4-36ar-vqdc","summary":"aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19802","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77594","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77527","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77539","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77546","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77788","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77803","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.7783","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77842","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77875","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77908","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77938","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802"},{"reference_url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802","reference_id":"CVE-2018-19802","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19802","GHSA-c6jq-h4jp-72pr","PYSEC-2019-164"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5891","vulnerability_id":"VCID-bgwj-p1y1-mycb","summary":"aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19800","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71587","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71534","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7153","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73323","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73356","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73328","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73365","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73374","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73416","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73424","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73418","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73451","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73455","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7348","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800"},{"reference_url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800","reference_id":"CVE-2018-19800","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19800","GHSA-grmf-4fq6-2r79","PYSEC-2019-162"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5893","vulnerability_id":"VCID-k5dk-dngq-3ycy","summary":"aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19801","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68926","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68935","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6898","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68901","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69438","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69369","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69498","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69515","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69473","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69415","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69358","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69365","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69431","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801"},{"reference_url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19801"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19801","GHSA-7vvr-h4p5-m7fh","PYSEC-2019-163"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.8-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","type":"alpm","namespace":"archlinux","name":"aubio","version":"0.4.9-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5892","vulnerability_id":"VCID-7kh4-36ar-vqdc","summary":"aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19802","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77594","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77527","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77539","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77546","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77788","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77803","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.7783","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77842","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77875","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77908","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77938","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802"},{"reference_url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802","reference_id":"CVE-2018-19802","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19802","GHSA-c6jq-h4jp-72pr","PYSEC-2019-164"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5891","vulnerability_id":"VCID-bgwj-p1y1-mycb","summary":"aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19800","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71587","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71534","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7153","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73323","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73356","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73328","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73365","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73374","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73416","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73424","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73418","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73451","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73455","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7348","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800"},{"reference_url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800","reference_id":"CVE-2018-19800","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19800","GHSA-grmf-4fq6-2r79","PYSEC-2019-162"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5893","vulnerability_id":"VCID-k5dk-dngq-3ycy","summary":"aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19801","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68926","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68935","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.6898","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68901","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69438","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69369","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69498","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69515","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69473","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69415","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69358","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69365","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69431","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801"},{"reference_url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh"},{"reference_url":"https://github.com/aubio/aubio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19801"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186","reference_id":"930186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186"},{"reference_url":"https://security.archlinux.org/ASA-201902-8","reference_id":"ASA-201902-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-8"},{"reference_url":"https://security.archlinux.org/AVG-888","reference_id":"AVG-888","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374323","purl":"pkg:alpm/archlinux/aubio@0.4.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"}],"aliases":["CVE-2018-19801","GHSA-7vvr-h4p5-m7fh","PYSEC-2019-163"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371003","purl":"pkg:alpm/archlinux/audacity@1:2.4.1-4","type":"alpm","namespace":"archlinux","name":"audacity","version":"1:2.4.1-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94339","vulnerability_id":"VCID-veb9-7659-wfg7","summary":"Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11867","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30307","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30749","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30876","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30801","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30833","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30835","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3077","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3075","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30716","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30209","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30279","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30214","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30236","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976874","reference_id":"976874","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976874"},{"reference_url":"https://security.archlinux.org/AVG-1311","reference_id":"AVG-1311","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1311"},{"reference_url":"https://usn.ubuntu.com/7211-1/","reference_id":"USN-7211-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7211-1/"}],"fixed_packages":[],"aliases":["CVE-2020-11867"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-veb9-7659-wfg7"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audacity@1:2.4.1-4"},{"url":"http://public2.vulnerablecode.io/api/packages/373055","purl":"pkg:alpm/archlinux/audiofile@0.3.6-3","type":"alpm","namespace":"archlinux","name":"audiofile","version":"0.3.6-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.3.6-4","latest_non_vulnerable_version":"0.3.6-4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84556","vulnerability_id":"VCID-2fxt-mcp5-vkdz","summary":"audiofile: Index out of bounds for type int16_t","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6837","reference_id":"","reference_type":"","scores":[{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90825","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90834","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90844","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90735","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90783","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90789","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90807","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6837"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"http://www.securityfocus.com/bid/97314","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97314"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432942","reference_id":"1432942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432942"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6837","reference_id":"CVE-2017-6837","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6837"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6837"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84547","vulnerability_id":"VCID-411s-5r62-zubr","summary":"audiofile: Heap-based buffer overflow in readValue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6828","reference_id":"","reference_type":"","scores":[{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95092","published_at":"2026-05-14T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95041","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95042","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95059","published_at":"2026-05-07T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95069","published_at":"2026-05-09T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-05-11T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-05-12T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95028","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95037","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.9573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95746","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432925","reference_id":"1432925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432925"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6828"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84550","vulnerability_id":"VCID-5ckf-qbbb-57f7","summary":"audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6831","reference_id":"","reference_type":"","scores":[{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86237","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86083","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.861","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86105","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86098","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86118","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86169","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86188","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86184","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6831"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"},{"reference_url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"},{"reference_url":"https://github.com/mpruett/audiofile/issues/35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/35"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/3"},{"reference_url":"http://www.securityfocus.com/bid/97588","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97588"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432930","reference_id":"1432930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6831","reference_id":"CVE-2017-6831","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6831"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6831"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84549","vulnerability_id":"VCID-87tp-awyv-4yad","summary":"audiofile: Heap-based buffer overflow in alaw2linear_buf","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6830","reference_id":"","reference_type":"","scores":[{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89687","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89608","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8962","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89624","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89633","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89651","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89664","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8966","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89669","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6830"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/34","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/34"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432929","reference_id":"1432929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432929"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6830","reference_id":"CVE-2017-6830","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6830"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6830"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84554","vulnerability_id":"VCID-913x-rwya-xbgt","summary":"audiofile: Heap-based buffer overflow in Expand3To4Module::run","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6836","reference_id":"","reference_type":"","scores":[{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89782","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89758","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89754","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89655","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8967","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89702","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89694","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8971","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89705","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8972","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89722","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89721","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89732","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89747","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6836"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/40","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/40"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432937","reference_id":"1432937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432937"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6836","reference_id":"CVE-2017-6836","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6836"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6836"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84557","vulnerability_id":"VCID-aeat-dx5y-dfgr","summary":"audiofile: Signed integer overflow in sfconvert.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6838","reference_id":"","reference_type":"","scores":[{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6838"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432943","reference_id":"1432943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6838","reference_id":"CVE-2017-6838","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6838"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6838"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84552","vulnerability_id":"VCID-gg9m-4dyw-3ub1","summary":"audiofile: Divide-by-zero in BlockCodec::runPull","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6833","reference_id":"","reference_type":"","scores":[{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6833"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/37","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/37"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432933","reference_id":"1432933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432933"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6833","reference_id":"CVE-2017-6833","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6833"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6833"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84555","vulnerability_id":"VCID-j162-684h-wqak","summary":"audiofile: Divide-by-zero in BlockCodec::reset1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6835","reference_id":"","reference_type":"","scores":[{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89137","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89133","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89079","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89075","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89093","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89103","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.8911","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89127","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6835"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/39","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/39"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432939","reference_id":"1432939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432939"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6835","reference_id":"CVE-2017-6835","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6835"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84546","vulnerability_id":"VCID-nmab-8ky6-nyb4","summary":"audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6827","reference_id":"","reference_type":"","scores":[{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.9692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96928","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96944","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96946","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.9695","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96951","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96964","published_at":"2026-04-24T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96978","published_at":"2026-05-07T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96985","published_at":"2026-05-09T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96986","published_at":"2026-05-11T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.97003","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432924","reference_id":"1432924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432924"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6827"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84558","vulnerability_id":"VCID-qw16-rfw7-2qdk","summary":"audiofile: Signed integer overflow in MSADPCM.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6839","reference_id":"","reference_type":"","scores":[{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6839"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432944","reference_id":"1432944","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432944"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6839","reference_id":"CVE-2017-6839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6839"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6839"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84553","vulnerability_id":"VCID-sekd-w6gm-67dv","summary":"audiofile: Heap-based buffer overflow in ulaw2linear_buf","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6834","reference_id":"","reference_type":"","scores":[{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88989","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88929","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88939","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88955","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88967","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8896","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8897","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91359","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6834"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mpruett/audiofile/issues/38","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/38"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432935","reference_id":"1432935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432935"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6834","reference_id":"CVE-2017-6834","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6834"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6834"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84548","vulnerability_id":"VCID-sfj3-8vbt-bkfp","summary":"audiofile: Global buffer overflow in decodeSample","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6829","reference_id":"","reference_type":"","scores":[{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89315","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89286","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89284","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89294","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89189","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89218","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89228","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89223","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89258","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89275","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6829"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"},{"reference_url":"https://github.com/mpruett/audiofile/issues/33","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/33"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/1"},{"reference_url":"http://www.securityfocus.com/bid/97189","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97189"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432928","reference_id":"1432928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432928"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6829","reference_id":"CVE-2017-6829","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6829"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84551","vulnerability_id":"VCID-ur9b-fgja-r7he","summary":"audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6832","reference_id":"","reference_type":"","scores":[{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89224","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8923","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89189","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89197","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89213","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6832"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/36"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/4"},{"reference_url":"http://www.securityfocus.com/bid/97589","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432932","reference_id":"1432932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6832","reference_id":"CVE-2017-6832","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6832"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6832"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","type":"alpm","namespace":"archlinux","name":"audiofile","version":"0.3.6-4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84556","vulnerability_id":"VCID-2fxt-mcp5-vkdz","summary":"audiofile: Index out of bounds for type int16_t","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6837","reference_id":"","reference_type":"","scores":[{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90825","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90834","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90844","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90735","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90783","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90789","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06086","scoring_system":"epss","scoring_elements":"0.90807","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6837"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"http://www.securityfocus.com/bid/97314","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97314"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432942","reference_id":"1432942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432942"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6837","reference_id":"CVE-2017-6837","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6837"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6837"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84547","vulnerability_id":"VCID-411s-5r62-zubr","summary":"audiofile: Heap-based buffer overflow in readValue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6828","reference_id":"","reference_type":"","scores":[{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95092","published_at":"2026-05-14T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95041","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95042","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95059","published_at":"2026-05-07T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95069","published_at":"2026-05-09T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-05-11T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-05-12T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95028","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17241","scoring_system":"epss","scoring_elements":"0.95037","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.9573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21753","scoring_system":"epss","scoring_elements":"0.95746","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432925","reference_id":"1432925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432925"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6828"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84550","vulnerability_id":"VCID-5ckf-qbbb-57f7","summary":"audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6831","reference_id":"","reference_type":"","scores":[{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86237","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86083","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.861","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86105","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86098","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86118","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86169","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86188","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86184","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02789","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6831"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"},{"reference_url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"},{"reference_url":"https://github.com/mpruett/audiofile/issues/35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/35"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/3"},{"reference_url":"http://www.securityfocus.com/bid/97588","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97588"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432930","reference_id":"1432930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6831","reference_id":"CVE-2017-6831","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6831"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6831"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84549","vulnerability_id":"VCID-87tp-awyv-4yad","summary":"audiofile: Heap-based buffer overflow in alaw2linear_buf","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6830","reference_id":"","reference_type":"","scores":[{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89687","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89608","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8962","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89624","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89633","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89651","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89664","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.8966","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04897","scoring_system":"epss","scoring_elements":"0.89669","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6830"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/34","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/34"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432929","reference_id":"1432929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432929"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6830","reference_id":"CVE-2017-6830","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6830"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6830"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84554","vulnerability_id":"VCID-913x-rwya-xbgt","summary":"audiofile: Heap-based buffer overflow in Expand3To4Module::run","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6836","reference_id":"","reference_type":"","scores":[{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89782","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89758","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89754","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89655","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8967","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89702","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89694","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8971","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89705","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.8972","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89722","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89721","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89732","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04984","scoring_system":"epss","scoring_elements":"0.89747","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6836"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/40","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/40"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432937","reference_id":"1432937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432937"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6836","reference_id":"CVE-2017-6836","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6836"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6836"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84557","vulnerability_id":"VCID-aeat-dx5y-dfgr","summary":"audiofile: Signed integer overflow in sfconvert.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6838","reference_id":"","reference_type":"","scores":[{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6838"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432943","reference_id":"1432943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6838","reference_id":"CVE-2017-6838","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6838"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6838"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84552","vulnerability_id":"VCID-gg9m-4dyw-3ub1","summary":"audiofile: Divide-by-zero in BlockCodec::runPull","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6833","reference_id":"","reference_type":"","scores":[{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6833"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/37","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/37"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432933","reference_id":"1432933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432933"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6833","reference_id":"CVE-2017-6833","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6833"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6833"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84555","vulnerability_id":"VCID-j162-684h-wqak","summary":"audiofile: Divide-by-zero in BlockCodec::reset1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6835","reference_id":"","reference_type":"","scores":[{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89137","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89133","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89079","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89075","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89093","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89103","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.8911","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89127","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6835"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/39","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/39"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432939","reference_id":"1432939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432939"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6835","reference_id":"CVE-2017-6835","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6835"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84546","vulnerability_id":"VCID-nmab-8ky6-nyb4","summary":"audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6827","reference_id":"","reference_type":"","scores":[{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.9692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96928","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96944","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96946","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.9695","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96951","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96964","published_at":"2026-04-24T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96978","published_at":"2026-05-07T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96985","published_at":"2026-05-09T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96986","published_at":"2026-05-11T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.33778","scoring_system":"epss","scoring_elements":"0.97003","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432924","reference_id":"1432924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432924"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6827"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84558","vulnerability_id":"VCID-qw16-rfw7-2qdk","summary":"audiofile: Signed integer overflow in MSADPCM.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6839","reference_id":"","reference_type":"","scores":[{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04451","scoring_system":"epss","scoring_elements":"0.89071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90516","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05773","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6839"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"reference_url":"https://github.com/mpruett/audiofile/issues/41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/41"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432944","reference_id":"1432944","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432944"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6839","reference_id":"CVE-2017-6839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6839"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6839"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84553","vulnerability_id":"VCID-sekd-w6gm-67dv","summary":"audiofile: Heap-based buffer overflow in ulaw2linear_buf","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6834","reference_id":"","reference_type":"","scores":[{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88989","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88929","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88939","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88955","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.88967","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8896","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.8897","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06895","scoring_system":"epss","scoring_elements":"0.91359","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6834"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mpruett/audiofile/issues/38","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/38"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432935","reference_id":"1432935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432935"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6834","reference_id":"CVE-2017-6834","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6834"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6834"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84548","vulnerability_id":"VCID-sfj3-8vbt-bkfp","summary":"audiofile: Global buffer overflow in decodeSample","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6829","reference_id":"","reference_type":"","scores":[{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89315","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89286","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89284","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89294","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89189","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89218","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89228","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89223","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89258","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04576","scoring_system":"epss","scoring_elements":"0.89275","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6829"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"},{"reference_url":"https://github.com/mpruett/audiofile/issues/33","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/33"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/1"},{"reference_url":"http://www.securityfocus.com/bid/97189","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97189"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432928","reference_id":"1432928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432928"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6829","reference_id":"CVE-2017-6829","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6829"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84551","vulnerability_id":"VCID-ur9b-fgja-r7he","summary":"audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6832","reference_id":"","reference_type":"","scores":[{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89224","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8923","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.8916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89189","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89197","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04517","scoring_system":"epss","scoring_elements":"0.89213","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6832"},{"reference_url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839"},{"reference_url":"https://github.com/mpruett/audiofile/issues/36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/issues/36"},{"reference_url":"https://github.com/mpruett/audiofile/pull/42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpruett/audiofile/pull/42"},{"reference_url":"http://www.debian.org/security/2017/dsa-3814","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3814"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/13/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/13/4"},{"reference_url":"http://www.securityfocus.com/bid/97589","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432932","reference_id":"1432932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651","reference_id":"857651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651"},{"reference_url":"https://security.archlinux.org/ASA-201708-9","reference_id":"ASA-201708-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-9"},{"reference_url":"https://security.archlinux.org/AVG-205","reference_id":"AVG-205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6832","reference_id":"CVE-2017-6832","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6832"},{"reference_url":"https://usn.ubuntu.com/3241-1/","reference_id":"USN-3241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373056","purl":"pkg:alpm/archlinux/audiofile@0.3.6-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"}],"aliases":["CVE-2017-6832"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/374765","purl":"pkg:alpm/archlinux/avahi@0.8%2B20%2Bgd1e71b3-1","type":"alpm","namespace":"archlinux","name":"avahi","version":"0.8+20+gd1e71b3-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.8+22+gfd482a7-1","latest_non_vulnerable_version":"1:0.8+r127+g55d783d-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80482","vulnerability_id":"VCID-hjrp-3yew-wqeg","summary":"avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3502","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09103","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09352","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09272","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09196","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09166","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09152","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09225","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09169","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09216","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09285","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914","reference_id":"1946914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018","reference_id":"986018","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018"},{"reference_url":"https://security.archlinux.org/AVG-2341","reference_id":"AVG-2341","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6707","reference_id":"RHSA-2023:6707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6707"},{"reference_url":"https://usn.ubuntu.com/5008-1/","reference_id":"USN-5008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374766","purl":"pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1"}],"aliases":["CVE-2021-3502"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg"}],"fixing_vulnerabilities":[],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B20%252Bgd1e71b3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374766","purl":"pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1","type":"alpm","namespace":"archlinux","name":"avahi","version":"0.8+22+gfd482a7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:0.8+r127+g55d783d-1","latest_non_vulnerable_version":"1:0.8+r127+g55d783d-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80482","vulnerability_id":"VCID-hjrp-3yew-wqeg","summary":"avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3502","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09103","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09352","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09272","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09196","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09166","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09152","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09225","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09169","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09216","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09285","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914","reference_id":"1946914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018","reference_id":"986018","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018"},{"reference_url":"https://security.archlinux.org/AVG-2341","reference_id":"AVG-2341","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6707","reference_id":"RHSA-2023:6707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6707"},{"reference_url":"https://usn.ubuntu.com/5008-1/","reference_id":"USN-5008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374766","purl":"pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1"}],"aliases":["CVE-2021-3502"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374690","purl":"pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-3","type":"alpm","namespace":"archlinux","name":"avahi","version":"0.8+22+gfd482a7-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:0.8+r127+g55d783d-1","latest_non_vulnerable_version":"1:0.8+r127+g55d783d-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80528","vulnerability_id":"VCID-rpzc-ryw1-p7e5","summary":"avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3468","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08621","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08894","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08812","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08837","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08697","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08617","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08695","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08682","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08713","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0868","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08683","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08759","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614","reference_id":"1939614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938","reference_id":"984938","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938"},{"reference_url":"https://security.archlinux.org/AVG-1742","reference_id":"AVG-1742","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6707","reference_id":"RHSA-2023:6707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7836","reference_id":"RHSA-2023:7836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0418","reference_id":"RHSA-2024:0418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0576","reference_id":"RHSA-2024:0576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0576"},{"reference_url":"https://usn.ubuntu.com/5008-1/","reference_id":"USN-5008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-1/"},{"reference_url":"https://usn.ubuntu.com/5008-2/","reference_id":"USN-5008-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374691","purl":"pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1"}],"aliases":["CVE-2021-3468"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5"}],"fixing_vulnerabilities":[],"risk_score":"2.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374691","purl":"pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1","type":"alpm","namespace":"archlinux","name":"avahi","version":"1:0.8+r127+g55d783d-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80528","vulnerability_id":"VCID-rpzc-ryw1-p7e5","summary":"avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3468","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08621","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08894","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08812","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08837","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08697","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08617","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08695","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08682","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08713","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0868","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08683","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08759","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614","reference_id":"1939614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938","reference_id":"984938","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938"},{"reference_url":"https://security.archlinux.org/AVG-1742","reference_id":"AVG-1742","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6707","reference_id":"RHSA-2023:6707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7836","reference_id":"RHSA-2023:7836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0418","reference_id":"RHSA-2024:0418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0576","reference_id":"RHSA-2024:0576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0576"},{"reference_url":"https://usn.ubuntu.com/5008-1/","reference_id":"USN-5008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-1/"},{"reference_url":"https://usn.ubuntu.com/5008-2/","reference_id":"USN-5008-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5008-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374691","purl":"pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1"}],"aliases":["CVE-2021-3468"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372155","purl":"pkg:alpm/archlinux/awstats@7.8-2","type":"alpm","namespace":"archlinux","name":"awstats","version":"7.8-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.8-3","latest_non_vulnerable_version":"7.8-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94571","vulnerability_id":"VCID-fxrv-1bju-qkgm","summary":"In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176","reference_id":"","reference_type":"","scores":[{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76194","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76233","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76289","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76318","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76325","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76341","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190","reference_id":"977190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190"},{"reference_url":"https://security.archlinux.org/ASA-202103-15","reference_id":"ASA-202103-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-15"},{"reference_url":"https://security.archlinux.org/AVG-1356","reference_id":"AVG-1356","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1356"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372156","purl":"pkg:alpm/archlinux/awstats@7.8-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3"}],"aliases":["CVE-2020-35176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-2"},{"url":"http://public2.vulnerablecode.io/api/packages/372156","purl":"pkg:alpm/archlinux/awstats@7.8-3","type":"alpm","namespace":"archlinux","name":"awstats","version":"7.8-3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94571","vulnerability_id":"VCID-fxrv-1bju-qkgm","summary":"In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176","reference_id":"","reference_type":"","scores":[{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76194","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76233","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76289","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76318","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76325","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76341","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190","reference_id":"977190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190"},{"reference_url":"https://security.archlinux.org/ASA-202103-15","reference_id":"ASA-202103-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-15"},{"reference_url":"https://security.archlinux.org/AVG-1356","reference_id":"AVG-1356","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1356"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372156","purl":"pkg:alpm/archlinux/awstats@7.8-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3"}],"aliases":["CVE-2020-35176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3"},{"url":"http://public2.vulnerablecode.io/api/packages/371374","purl":"pkg:alpm/archlinux/bash@4.3.026-1","type":"alpm","namespace":"archlinux","name":"bash","version":"4.3.026-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.3.027-1","latest_non_vulnerable_version":"4.3.027-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39490","vulnerability_id":"VCID-sqj7-9htv-nbfn","summary":"Multiple parsing flaws in Bash could allow remote attackers to\n    inject code or cause a Denial of Service condition.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126","reference_id":"","reference_type":"","scores":[],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126"},{"reference_url":"http://jvn.jp/en/jp/JVN55667175/index.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvn.jp/en/jp/JVN55667175/index.html"},{"reference_url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html","reference_id":"","reference_type":"","scores":[],"url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"},{"reference_url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html","reference_id":"","reference_type":"","scores":[],"url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-3093","reference_id":"","reference_type":"","scores":[],"url":"http://linux.oracle.com/errata/ELSA-2014-3093"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-3094","reference_id":"","reference_type":"","scores":[],"url":"http://linux.oracle.com/errata/ELSA-2014-3094"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142289270617409&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142289270617409&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"reference_url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6277","reference_id":"","reference_type":"","scores":[{"value":"0.86544","scoring_system":"epss","scoring_elements":"0.99416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99434","published_at":"2026-05-14T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-04-18T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99426","published_at":"2026-04-21T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99428","published_at":"2026-04-29T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.9943","published_at":"2026-05-07T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99431","published_at":"2026-05-11T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99433","published_at":"2026-05-12T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99468","published_at":"2026-04-02T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.9947","published_at":"2026-04-04T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-04-07T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99473","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277"},{"reference_url":"http://secunia.com/advisories/58200","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/58200"},{"reference_url":"http://secunia.com/advisories/59907","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59907"},{"reference_url":"http://secunia.com/advisories/59961","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59961"},{"reference_url":"http://secunia.com/advisories/60024","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60024"},{"reference_url":"http://secunia.com/advisories/60034","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60034"},{"reference_url":"http://secunia.com/advisories/60044","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60044"},{"reference_url":"http://secunia.com/advisories/60055","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60055"},{"reference_url":"http://secunia.com/advisories/60063","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60063"},{"reference_url":"http://secunia.com/advisories/60193","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60193"},{"reference_url":"http://secunia.com/advisories/60325","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60325"},{"reference_url":"http://secunia.com/advisories/60433","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60433"},{"reference_url":"http://secunia.com/advisories/61065","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61065"},{"reference_url":"http://secunia.com/advisories/61128","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61128"},{"reference_url":"http://secunia.com/advisories/61129","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61129"},{"reference_url":"http://secunia.com/advisories/61283","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61283"},{"reference_url":"http://secunia.com/advisories/61287","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61287"},{"reference_url":"http://secunia.com/advisories/61291","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61291"},{"reference_url":"http://secunia.com/advisories/61312","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61312"},{"reference_url":"http://secunia.com/advisories/61313","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61313"},{"reference_url":"http://secunia.com/advisories/61328","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61328"},{"reference_url":"http://secunia.com/advisories/61442","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61442"},{"reference_url":"http://secunia.com/advisories/61471","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61471"},{"reference_url":"http://secunia.com/advisories/61485","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61485"},{"reference_url":"http://secunia.com/advisories/61503","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61503"},{"reference_url":"http://secunia.com/advisories/61550","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61550"},{"reference_url":"http://secunia.com/advisories/61552","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61552"},{"reference_url":"http://secunia.com/advisories/61565","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61565"},{"reference_url":"http://secunia.com/advisories/61603","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61603"},{"reference_url":"http://secunia.com/advisories/61633","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61633"},{"reference_url":"http://secunia.com/advisories/61641","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61641"},{"reference_url":"http://secunia.com/advisories/61643","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61643"},{"reference_url":"http://secunia.com/advisories/61654","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61654"},{"reference_url":"http://secunia.com/advisories/61703","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61703"},{"reference_url":"http://secunia.com/advisories/61780","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61780"},{"reference_url":"http://secunia.com/advisories/61816","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61816"},{"reference_url":"http://secunia.com/advisories/61857","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61857"},{"reference_url":"http://secunia.com/advisories/62312","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62312"},{"reference_url":"http://secunia.com/advisories/62343","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62343"},{"reference_url":"https://kb.bluecoat.com/index?page=content&id=SA82","reference_id":"","reference_type":"","scores":[],"url":"https://kb.bluecoat.com/index?page=content&id=SA82"},{"reference_url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648","reference_id":"","reference_type":"","scores":[],"url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085"},{"reference_url":"https://support.apple.com/HT205267","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205267"},{"reference_url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts","reference_id":"","reference_type":"","scores":[],"url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts"},{"reference_url":"https://support.citrix.com/article/CTX200217","reference_id":"","reference_type":"","scores":[],"url":"https://support.citrix.com/article/CTX200217"},{"reference_url":"https://support.citrix.com/article/CTX200223","reference_id":"","reference_type":"","scores":[],"url":"https://support.citrix.com/article/CTX200223"},{"reference_url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183"},{"reference_url":"http://support.apple.com/HT204244","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/HT204244"},{"reference_url":"http://support.novell.com/security/cve/CVE-2014-6277.html","reference_id":"","reference_type":"","scores":[],"url":"http://support.novell.com/security/cve/CVE-2014-6277.html"},{"reference_url":"https://www.suse.com/support/shellshock/","reference_id":"","reference_type":"","scores":[],"url":"https://www.suse.com/support/shellshock/"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079"},{"reference_url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315","reference_id":"","reference_type":"","scores":[],"url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7015721","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/support/kb/doc.php?id=7015721"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"},{"reference_url":"http://www.qnap.com/i/en/support/con_show.php?cid=61","reference_id":"","reference_type":"","scores":[],"url":"http://www.qnap.com/i/en/support/con_show.php?cid=61"},{"reference_url":"http://www.ubuntu.com/usn/USN-2380-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2380-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147189","reference_id":"1147189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147189"},{"reference_url":"https://security.archlinux.org/AVG-924","reference_id":"AVG-924","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-924"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt","reference_id":"CVE-2014-6277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6277","reference_id":"CVE-2014-6277","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6277"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py","reference_id":"CVE-2014-7187;CVE-2014-7186;CVE-2014-7169;CVE-2014-6278;CVE-2014-6277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py"},{"reference_url":"https://security.gentoo.org/glsa/201410-01","reference_id":"GLSA-201410-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201410-01"},{"reference_url":"https://usn.ubuntu.com/2380-1/","reference_id":"USN-2380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371375","purl":"pkg:alpm/archlinux/bash@4.3.027-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1"}],"aliases":["CVE-2014-6277"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.026-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371375","purl":"pkg:alpm/archlinux/bash@4.3.027-1","type":"alpm","namespace":"archlinux","name":"bash","version":"4.3.027-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39490","vulnerability_id":"VCID-sqj7-9htv-nbfn","summary":"Multiple parsing flaws in Bash could allow remote attackers to\n    inject code or cause a Denial of Service condition.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126","reference_id":"","reference_type":"","scores":[],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126"},{"reference_url":"http://jvn.jp/en/jp/JVN55667175/index.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvn.jp/en/jp/JVN55667175/index.html"},{"reference_url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html","reference_id":"","reference_type":"","scores":[],"url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"},{"reference_url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html","reference_id":"","reference_type":"","scores":[],"url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-3093","reference_id":"","reference_type":"","scores":[],"url":"http://linux.oracle.com/errata/ELSA-2014-3093"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-3094","reference_id":"","reference_type":"","scores":[],"url":"http://linux.oracle.com/errata/ELSA-2014-3094"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142289270617409&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142289270617409&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"reference_url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6277","reference_id":"","reference_type":"","scores":[{"value":"0.86544","scoring_system":"epss","scoring_elements":"0.99416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99434","published_at":"2026-05-14T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-04-18T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99426","published_at":"2026-04-21T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99428","published_at":"2026-04-29T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.9943","published_at":"2026-05-07T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99431","published_at":"2026-05-11T12:55:00Z"},{"value":"0.86752","scoring_system":"epss","scoring_elements":"0.99433","published_at":"2026-05-12T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99468","published_at":"2026-04-02T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.9947","published_at":"2026-04-04T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-04-07T12:55:00Z"},{"value":"0.87816","scoring_system":"epss","scoring_elements":"0.99473","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277"},{"reference_url":"http://secunia.com/advisories/58200","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/58200"},{"reference_url":"http://secunia.com/advisories/59907","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59907"},{"reference_url":"http://secunia.com/advisories/59961","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59961"},{"reference_url":"http://secunia.com/advisories/60024","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60024"},{"reference_url":"http://secunia.com/advisories/60034","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60034"},{"reference_url":"http://secunia.com/advisories/60044","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60044"},{"reference_url":"http://secunia.com/advisories/60055","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60055"},{"reference_url":"http://secunia.com/advisories/60063","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60063"},{"reference_url":"http://secunia.com/advisories/60193","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60193"},{"reference_url":"http://secunia.com/advisories/60325","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60325"},{"reference_url":"http://secunia.com/advisories/60433","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60433"},{"reference_url":"http://secunia.com/advisories/61065","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61065"},{"reference_url":"http://secunia.com/advisories/61128","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61128"},{"reference_url":"http://secunia.com/advisories/61129","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61129"},{"reference_url":"http://secunia.com/advisories/61283","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61283"},{"reference_url":"http://secunia.com/advisories/61287","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61287"},{"reference_url":"http://secunia.com/advisories/61291","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61291"},{"reference_url":"http://secunia.com/advisories/61312","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61312"},{"reference_url":"http://secunia.com/advisories/61313","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61313"},{"reference_url":"http://secunia.com/advisories/61328","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61328"},{"reference_url":"http://secunia.com/advisories/61442","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61442"},{"reference_url":"http://secunia.com/advisories/61471","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61471"},{"reference_url":"http://secunia.com/advisories/61485","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61485"},{"reference_url":"http://secunia.com/advisories/61503","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61503"},{"reference_url":"http://secunia.com/advisories/61550","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61550"},{"reference_url":"http://secunia.com/advisories/61552","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61552"},{"reference_url":"http://secunia.com/advisories/61565","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61565"},{"reference_url":"http://secunia.com/advisories/61603","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61603"},{"reference_url":"http://secunia.com/advisories/61633","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61633"},{"reference_url":"http://secunia.com/advisories/61641","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61641"},{"reference_url":"http://secunia.com/advisories/61643","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61643"},{"reference_url":"http://secunia.com/advisories/61654","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61654"},{"reference_url":"http://secunia.com/advisories/61703","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61703"},{"reference_url":"http://secunia.com/advisories/61780","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61780"},{"reference_url":"http://secunia.com/advisories/61816","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61816"},{"reference_url":"http://secunia.com/advisories/61857","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61857"},{"reference_url":"http://secunia.com/advisories/62312","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62312"},{"reference_url":"http://secunia.com/advisories/62343","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62343"},{"reference_url":"https://kb.bluecoat.com/index?page=content&id=SA82","reference_id":"","reference_type":"","scores":[],"url":"https://kb.bluecoat.com/index?page=content&id=SA82"},{"reference_url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648","reference_id":"","reference_type":"","scores":[],"url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085"},{"reference_url":"https://support.apple.com/HT205267","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205267"},{"reference_url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts","reference_id":"","reference_type":"","scores":[],"url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts"},{"reference_url":"https://support.citrix.com/article/CTX200217","reference_id":"","reference_type":"","scores":[],"url":"https://support.citrix.com/article/CTX200217"},{"reference_url":"https://support.citrix.com/article/CTX200223","reference_id":"","reference_type":"","scores":[],"url":"https://support.citrix.com/article/CTX200223"},{"reference_url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183"},{"reference_url":"http://support.apple.com/HT204244","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/HT204244"},{"reference_url":"http://support.novell.com/security/cve/CVE-2014-6277.html","reference_id":"","reference_type":"","scores":[],"url":"http://support.novell.com/security/cve/CVE-2014-6277.html"},{"reference_url":"https://www.suse.com/support/shellshock/","reference_id":"","reference_type":"","scores":[],"url":"https://www.suse.com/support/shellshock/"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079"},{"reference_url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315","reference_id":"","reference_type":"","scores":[],"url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7015721","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/support/kb/doc.php?id=7015721"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"},{"reference_url":"http://www.qnap.com/i/en/support/con_show.php?cid=61","reference_id":"","reference_type":"","scores":[],"url":"http://www.qnap.com/i/en/support/con_show.php?cid=61"},{"reference_url":"http://www.ubuntu.com/usn/USN-2380-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2380-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147189","reference_id":"1147189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147189"},{"reference_url":"https://security.archlinux.org/AVG-924","reference_id":"AVG-924","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-924"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt","reference_id":"CVE-2014-6277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6277","reference_id":"CVE-2014-6277","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6277"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py","reference_id":"CVE-2014-7187;CVE-2014-7186;CVE-2014-7169;CVE-2014-6278;CVE-2014-6277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py"},{"reference_url":"https://security.gentoo.org/glsa/201410-01","reference_id":"GLSA-201410-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201410-01"},{"reference_url":"https://usn.ubuntu.com/2380-1/","reference_id":"USN-2380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371375","purl":"pkg:alpm/archlinux/bash@4.3.027-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1"}],"aliases":["CVE-2014-6277"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373621","purl":"pkg:alpm/archlinux/bat@0.18.1-1","type":"alpm","namespace":"archlinux","name":"bat","version":"0.18.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.18.2-1","latest_non_vulnerable_version":"0.18.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41229","vulnerability_id":"VCID-gabj-syb9-c7ff","summary":"Uncontrolled Search Path Element in sharkdp/bat\nbat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36753","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41446","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41435","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4142","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4103","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41102","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41119","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41024","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4105","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4134","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41461","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36753"},{"reference_url":"https://github.com/sharkdp/bat","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat"},{"reference_url":"https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956"},{"reference_url":"https://github.com/sharkdp/bat/pull/1724","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/pull/1724"},{"reference_url":"https://github.com/sharkdp/bat/releases/tag/v0.18.2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/releases/tag/v0.18.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36753","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36753"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0106.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0106.html"},{"reference_url":"https://vuln.ryotak.me/advisories/53","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuln.ryotak.me/advisories/53"},{"reference_url":"https://security.archlinux.org/AVG-2165","reference_id":"AVG-2165","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2165"},{"reference_url":"https://github.com/advisories/GHSA-p24j-h477-76q3","reference_id":"GHSA-p24j-h477-76q3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p24j-h477-76q3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373622","purl":"pkg:alpm/archlinux/bat@0.18.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1"}],"aliases":["CVE-2021-36753","GHSA-p24j-h477-76q3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373622","purl":"pkg:alpm/archlinux/bat@0.18.2-1","type":"alpm","namespace":"archlinux","name":"bat","version":"0.18.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41229","vulnerability_id":"VCID-gabj-syb9-c7ff","summary":"Uncontrolled Search Path Element in sharkdp/bat\nbat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36753","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41446","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41435","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4142","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4103","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41102","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41119","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41024","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4105","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4134","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41461","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36753"},{"reference_url":"https://github.com/sharkdp/bat","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat"},{"reference_url":"https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956"},{"reference_url":"https://github.com/sharkdp/bat/pull/1724","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/pull/1724"},{"reference_url":"https://github.com/sharkdp/bat/releases/tag/v0.18.2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sharkdp/bat/releases/tag/v0.18.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36753","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36753"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0106.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0106.html"},{"reference_url":"https://vuln.ryotak.me/advisories/53","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuln.ryotak.me/advisories/53"},{"reference_url":"https://security.archlinux.org/AVG-2165","reference_id":"AVG-2165","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2165"},{"reference_url":"https://github.com/advisories/GHSA-p24j-h477-76q3","reference_id":"GHSA-p24j-h477-76q3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p24j-h477-76q3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373622","purl":"pkg:alpm/archlinux/bat@0.18.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1"}],"aliases":["CVE-2021-36753","GHSA-p24j-h477-76q3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374482","purl":"pkg:alpm/archlinux/bchunk@1.2.0-4","type":"alpm","namespace":"archlinux","name":"bchunk","version":"1.2.0-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.2-4","latest_non_vulnerable_version":"1.2.2-4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69774","vulnerability_id":"VCID-dk5f-hadp-87e7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15953","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50153","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50079","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50098","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50162","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50176","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50135","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50015","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50069","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/2"},{"reference_url":"https://github.com/hessu/bchunk/issues/1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15953","reference_id":"CVE-2017-15953","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15953"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15953"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69775","vulnerability_id":"VCID-syvr-upka-zybt","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15954","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54056","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5396","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53987","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5397","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53982","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54021","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54007","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53955","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53904","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53946","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54001","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/3"},{"reference_url":"https://github.com/hessu/bchunk/issues/1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15954","reference_id":"CVE-2017-15954","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15954"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15954"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69776","vulnerability_id":"VCID-xatx-tmp5-cka2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15955","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48411","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48382","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48429","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48475","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48488","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48434","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48413","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15955"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/4"},{"reference_url":"https://github.com/hessu/bchunk/issues/2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15955","reference_id":"CVE-2017-15955","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15955"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.0-4"},{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","type":"alpm","namespace":"archlinux","name":"bchunk","version":"1.2.2-4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69774","vulnerability_id":"VCID-dk5f-hadp-87e7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15953","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50153","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50079","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50098","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50162","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50176","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50135","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50015","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50069","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/2"},{"reference_url":"https://github.com/hessu/bchunk/issues/1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15953","reference_id":"CVE-2017-15953","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15953"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15953"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69775","vulnerability_id":"VCID-syvr-upka-zybt","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15954","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54056","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5396","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53987","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5397","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53982","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54021","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54007","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53955","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53904","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53946","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54001","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/3"},{"reference_url":"https://github.com/hessu/bchunk/issues/1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15954","reference_id":"CVE-2017-15954","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15954"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15954"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69776","vulnerability_id":"VCID-xatx-tmp5-cka2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15955","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48411","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48382","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48429","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48475","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48488","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48434","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48413","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15955"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955"},{"reference_url":"https://github.com/extramaster/bchunk/issues/4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/extramaster/bchunk/issues/4"},{"reference_url":"https://github.com/hessu/bchunk/issues/2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hessu/bchunk/issues/2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4026","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116","reference_id":"880116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116"},{"reference_url":"https://security.archlinux.org/ASA-201803-24","reference_id":"ASA-201803-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-24"},{"reference_url":"https://security.archlinux.org/AVG-475","reference_id":"AVG-475","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-475"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15955","reference_id":"CVE-2017-15955","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374483","purl":"pkg:alpm/archlinux/bchunk@1.2.2-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"}],"aliases":["CVE-2017-15955"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4"},{"url":"http://public2.vulnerablecode.io/api/packages/372246","purl":"pkg:alpm/archlinux/bcprov@1.66-1","type":"alpm","namespace":"archlinux","name":"bcprov","version":"1.66-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.67-1","latest_non_vulnerable_version":"1.67-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35118","vulnerability_id":"VCID-amzx-sbps-xke5","summary":"Logic error in Legion of the Bouncy Castle BC Java\nAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88696","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88671","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88659","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88662","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88649","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88634","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88624","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88609","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88595","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88591","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88568","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88547","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"},{"reference_url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881","reference_id":"1912881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683","reference_id":"977683","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683"},{"reference_url":"https://security.archlinux.org/AVG-1372","reference_id":"AVG-1372","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1372"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/","reference_id":"CVE-2020-28052-BOUNCY-CASTLE","reference_type":"","scores":[],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"},{"reference_url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh","reference_id":"GHSA-73xv-w5gp-frxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1401","reference_id":"RHSA-2021:1401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2210","reference_id":"RHSA-2021:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3205","reference_id":"RHSA-2021:3205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4767","reference_id":"RHSA-2021:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372247","purl":"pkg:alpm/archlinux/bcprov@1.67-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1"}],"aliases":["CVE-2020-28052","GHSA-73xv-w5gp-frxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.66-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372247","purl":"pkg:alpm/archlinux/bcprov@1.67-1","type":"alpm","namespace":"archlinux","name":"bcprov","version":"1.67-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35118","vulnerability_id":"VCID-amzx-sbps-xke5","summary":"Logic error in Legion of the Bouncy Castle BC Java\nAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88696","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88671","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88659","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88662","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88649","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88634","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88624","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88609","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88595","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88591","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88568","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88547","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"},{"reference_url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881","reference_id":"1912881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683","reference_id":"977683","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683"},{"reference_url":"https://security.archlinux.org/AVG-1372","reference_id":"AVG-1372","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1372"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/","reference_id":"CVE-2020-28052-BOUNCY-CASTLE","reference_type":"","scores":[],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"},{"reference_url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh","reference_id":"GHSA-73xv-w5gp-frxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1401","reference_id":"RHSA-2021:1401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2210","reference_id":"RHSA-2021:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3205","reference_id":"RHSA-2021:3205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4767","reference_id":"RHSA-2021:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372247","purl":"pkg:alpm/archlinux/bcprov@1.67-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1"}],"aliases":["CVE-2020-28052","GHSA-73xv-w5gp-frxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372543","purl":"pkg:alpm/archlinux/beep@1.3-4","type":"alpm","namespace":"archlinux","name":"beep","version":"1.3-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.4-1","latest_non_vulnerable_version":"1.4.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48794","vulnerability_id":"VCID-gupx-n3wg-mygd","summary":"A vulnerability in beep could allow local attackers to escalate\n    privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0492","reference_id":"","reference_type":"","scores":[{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84199","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8399","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84017","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84023","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84053","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84091","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84112","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84135","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84151","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8415","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84167","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667","reference_id":"894667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667"},{"reference_url":"https://security.archlinux.org/AVG-940","reference_id":"AVG-940","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-940"},{"reference_url":"https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc","reference_id":"CVE-2018-0492","reference_type":"exploit","scores":[],"url":"https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py","reference_id":"CVE-2018-0492","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py"},{"reference_url":"https://security.gentoo.org/glsa/201805-15","reference_id":"GLSA-201805-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372544","purl":"pkg:alpm/archlinux/beep@1.4.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1"}],"aliases":["CVE-2018-0492"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.3-4"},{"url":"http://public2.vulnerablecode.io/api/packages/372544","purl":"pkg:alpm/archlinux/beep@1.4.4-1","type":"alpm","namespace":"archlinux","name":"beep","version":"1.4.4-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48794","vulnerability_id":"VCID-gupx-n3wg-mygd","summary":"A vulnerability in beep could allow local attackers to escalate\n    privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0492","reference_id":"","reference_type":"","scores":[{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84199","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8399","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.83994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84017","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84023","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84053","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84091","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84112","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84135","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84151","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.8415","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0209","scoring_system":"epss","scoring_elements":"0.84167","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667","reference_id":"894667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667"},{"reference_url":"https://security.archlinux.org/AVG-940","reference_id":"AVG-940","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-940"},{"reference_url":"https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc","reference_id":"CVE-2018-0492","reference_type":"exploit","scores":[],"url":"https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py","reference_id":"CVE-2018-0492","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py"},{"reference_url":"https://security.gentoo.org/glsa/201805-15","reference_id":"GLSA-201805-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372544","purl":"pkg:alpm/archlinux/beep@1.4.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1"}],"aliases":["CVE-2018-0492"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373164","purl":"pkg:alpm/archlinux/bind@9.10.4.P2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.10.4.P2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.10.4.P3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31463","vulnerability_id":"VCID-4cxw-y4nn-2bem","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which could cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2776","reference_id":"","reference_type":"","scores":[{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99428","published_at":"2026-04-01T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99429","published_at":"2026-04-07T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99433","published_at":"2026-04-11T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99437","published_at":"2026-04-18T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99436","published_at":"2026-04-21T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99505","published_at":"2026-05-05T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99508","published_at":"2026-05-11T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99509","published_at":"2026-05-14T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99506","published_at":"2026-05-07T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99507","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378380","reference_id":"1378380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010","reference_id":"839010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010"},{"reference_url":"https://security.archlinux.org/ASA-201609-29","reference_id":"ASA-201609-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-29"},{"reference_url":"https://security.archlinux.org/AVG-36","reference_id":"AVG-36","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-36"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py","reference_id":"CVE-2016-2776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py"},{"reference_url":"https://security.gentoo.org/glsa/201610-07","reference_id":"GLSA-201610-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1944","reference_id":"RHSA-2016:1944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1945","reference_id":"RHSA-2016:1945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2099","reference_id":"RHSA-2016:2099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2099"},{"reference_url":"https://usn.ubuntu.com/3088-1/","reference_id":"USN-3088-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3088-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373165","purl":"pkg:alpm/archlinux/bind@9.10.4.P3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1"}],"aliases":["CVE-2016-2776"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373165","purl":"pkg:alpm/archlinux/bind@9.10.4.P3-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.10.4.P3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.11.0.P1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31463","vulnerability_id":"VCID-4cxw-y4nn-2bem","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which could cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2776","reference_id":"","reference_type":"","scores":[{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99428","published_at":"2026-04-01T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99429","published_at":"2026-04-07T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99433","published_at":"2026-04-11T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99437","published_at":"2026-04-18T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99436","published_at":"2026-04-21T12:55:00Z"},{"value":"0.86964","scoring_system":"epss","scoring_elements":"0.99438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99505","published_at":"2026-05-05T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99508","published_at":"2026-05-11T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99509","published_at":"2026-05-14T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99506","published_at":"2026-05-07T12:55:00Z"},{"value":"0.88392","scoring_system":"epss","scoring_elements":"0.99507","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378380","reference_id":"1378380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010","reference_id":"839010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010"},{"reference_url":"https://security.archlinux.org/ASA-201609-29","reference_id":"ASA-201609-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-29"},{"reference_url":"https://security.archlinux.org/AVG-36","reference_id":"AVG-36","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-36"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py","reference_id":"CVE-2016-2776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py"},{"reference_url":"https://security.gentoo.org/glsa/201610-07","reference_id":"GLSA-201610-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1944","reference_id":"RHSA-2016:1944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1945","reference_id":"RHSA-2016:1945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2099","reference_id":"RHSA-2016:2099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2099"},{"reference_url":"https://usn.ubuntu.com/3088-1/","reference_id":"USN-3088-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3088-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373165","purl":"pkg:alpm/archlinux/bind@9.10.4.P3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1"}],"aliases":["CVE-2016-2776"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373143","purl":"pkg:alpm/archlinux/bind@9.11.0-2","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.0.P1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34600","vulnerability_id":"VCID-pn63-zx6s-gfgc","summary":"A vulnerability in BIND might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8864","reference_id":"","reference_type":"","scores":[{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97582","published_at":"2026-04-01T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97646","published_at":"2026-05-14T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97629","published_at":"2026-05-07T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.9763","published_at":"2026-05-11T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97637","published_at":"2026-05-12T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97593","published_at":"2026-04-07T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97614","published_at":"2026-04-16T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-04-29T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97625","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389652","reference_id":"1389652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389652"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858","reference_id":"842858","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858"},{"reference_url":"https://security.archlinux.org/ASA-201611-3","reference_id":"ASA-201611-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-3"},{"reference_url":"https://security.archlinux.org/AVG-59","reference_id":"AVG-59","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-59"},{"reference_url":"https://security.gentoo.org/glsa/201701-26","reference_id":"GLSA-201701-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2141","reference_id":"RHSA-2016:2141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2142","reference_id":"RHSA-2016:2142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2615","reference_id":"RHSA-2016:2615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2871","reference_id":"RHSA-2016:2871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3119-1/","reference_id":"USN-3119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373144","purl":"pkg:alpm/archlinux/bind@9.11.0.P1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1"}],"aliases":["CVE-2016-8864"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373144","purl":"pkg:alpm/archlinux/bind@9.11.0.P1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0.P1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.11.0.P3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34600","vulnerability_id":"VCID-pn63-zx6s-gfgc","summary":"A vulnerability in BIND might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8864","reference_id":"","reference_type":"","scores":[{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97582","published_at":"2026-04-01T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97646","published_at":"2026-05-14T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97629","published_at":"2026-05-07T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.9763","published_at":"2026-05-11T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97637","published_at":"2026-05-12T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97593","published_at":"2026-04-07T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97614","published_at":"2026-04-16T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-04-29T12:55:00Z"},{"value":"0.45373","scoring_system":"epss","scoring_elements":"0.97625","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389652","reference_id":"1389652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389652"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858","reference_id":"842858","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858"},{"reference_url":"https://security.archlinux.org/ASA-201611-3","reference_id":"ASA-201611-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-3"},{"reference_url":"https://security.archlinux.org/AVG-59","reference_id":"AVG-59","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-59"},{"reference_url":"https://security.gentoo.org/glsa/201701-26","reference_id":"GLSA-201701-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2141","reference_id":"RHSA-2016:2141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2142","reference_id":"RHSA-2016:2142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2615","reference_id":"RHSA-2016:2615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2871","reference_id":"RHSA-2016:2871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3119-1/","reference_id":"USN-3119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373144","purl":"pkg:alpm/archlinux/bind@9.11.0.P1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1"}],"aliases":["CVE-2016-8864"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373094","purl":"pkg:alpm/archlinux/bind@9.11.0.P1-3","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0.P1-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.0.P3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48057","vulnerability_id":"VCID-5jpj-6zqd-3ub9","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9147","reference_id":"","reference_type":"","scores":[{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98089","published_at":"2026-04-01T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9813","published_at":"2026-05-14T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-05-09T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98121","published_at":"2026-05-11T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9812","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411367","reference_id":"1411367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063","reference_id":"851063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0063","reference_id":"RHSA-2017:0063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0064","reference_id":"RHSA-2017:0064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1582","reference_id":"RHSA-2017:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9147"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48059","vulnerability_id":"VCID-7n8z-mhbn-xudt","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9778","reference_id":"","reference_type":"","scores":[{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90233","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90169","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.9018","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90219","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.9118","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91132","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91137","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91166","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/article/AA-01442/","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/article/AA-01442/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0005/"},{"reference_url":"http://www.securityfocus.com/bid/95388","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95388"},{"reference_url":"http://www.securitytracker.com/id/1037582","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411387","reference_id":"1411387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411387"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9778","reference_id":"CVE-2016-9778","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9778"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9778"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48058","vulnerability_id":"VCID-s4q2-n72q-vuhh","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9444","reference_id":"","reference_type":"","scores":[{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97869","published_at":"2026-05-14T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97864","published_at":"2026-05-12T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97829","published_at":"2026-04-02T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9784","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97845","published_at":"2026-04-12T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97853","published_at":"2026-04-21T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97857","published_at":"2026-04-29T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9786","published_at":"2026-05-05T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97859","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411377","reference_id":"1411377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062","reference_id":"851062","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9444"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48056","vulnerability_id":"VCID-uze1-hja3-kubc","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9131","reference_id":"","reference_type":"","scores":[{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.988","published_at":"2026-05-14T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98796","published_at":"2026-05-11T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-05-12T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98768","published_at":"2026-04-04T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.9877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98786","published_at":"2026-04-29T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98792","published_at":"2026-05-07T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411348","reference_id":"1411348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065","reference_id":"851065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9131"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-3"},{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0.P2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.0.P3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48060","vulnerability_id":"VCID-xatr-hnmn-mfbj","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0276.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-0276.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3135","reference_id":"","reference_type":"","scores":[{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97043","published_at":"2026-05-14T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97014","published_at":"2026-05-05T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97018","published_at":"2026-05-07T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97024","published_at":"2026-05-09T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97033","published_at":"2026-05-12T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96986","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.9699","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96999","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97005","published_at":"2026-04-21T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97008","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01453","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01453"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0005/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3795","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3795"},{"reference_url":"http://www.securityfocus.com/bid/96150","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96150"},{"reference_url":"http://www.securitytracker.com/id/1037801","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420193","reference_id":"1420193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520","reference_id":"855520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520"},{"reference_url":"https://security.archlinux.org/ASA-201702-8","reference_id":"ASA-201702-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-8"},{"reference_url":"https://security.archlinux.org/AVG-169","reference_id":"AVG-169","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-169"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3135","reference_id":"CVE-2017-3135","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3135"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0276","reference_id":"RHSA-2017:0276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0276"},{"reference_url":"https://usn.ubuntu.com/3201-1/","reference_id":"USN-3201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373075","purl":"pkg:alpm/archlinux/bind@9.11.0.P3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1"}],"aliases":["CVE-2017-3135"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48057","vulnerability_id":"VCID-5jpj-6zqd-3ub9","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9147","reference_id":"","reference_type":"","scores":[{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98089","published_at":"2026-04-01T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9813","published_at":"2026-05-14T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-05-09T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.98121","published_at":"2026-05-11T12:55:00Z"},{"value":"0.56165","scoring_system":"epss","scoring_elements":"0.9812","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411367","reference_id":"1411367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063","reference_id":"851063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0063","reference_id":"RHSA-2017:0063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0064","reference_id":"RHSA-2017:0064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1582","reference_id":"RHSA-2017:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9147"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48059","vulnerability_id":"VCID-7n8z-mhbn-xudt","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9778","reference_id":"","reference_type":"","scores":[{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90233","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90169","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.9018","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0542","scoring_system":"epss","scoring_elements":"0.90219","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.9118","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91132","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91137","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06614","scoring_system":"epss","scoring_elements":"0.91166","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/article/AA-01442/","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/article/AA-01442/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0005/"},{"reference_url":"http://www.securityfocus.com/bid/95388","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95388"},{"reference_url":"http://www.securitytracker.com/id/1037582","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411387","reference_id":"1411387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411387"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9778","reference_id":"CVE-2016-9778","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9778"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9778"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48058","vulnerability_id":"VCID-s4q2-n72q-vuhh","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9444","reference_id":"","reference_type":"","scores":[{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97869","published_at":"2026-05-14T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97864","published_at":"2026-05-12T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97829","published_at":"2026-04-02T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9784","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97845","published_at":"2026-04-12T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97853","published_at":"2026-04-21T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97857","published_at":"2026-04-29T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.9786","published_at":"2026-05-05T12:55:00Z"},{"value":"0.5046","scoring_system":"epss","scoring_elements":"0.97859","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411377","reference_id":"1411377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062","reference_id":"851062","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9444"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48056","vulnerability_id":"VCID-uze1-hja3-kubc","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9131","reference_id":"","reference_type":"","scores":[{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.988","published_at":"2026-05-14T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98796","published_at":"2026-05-11T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-05-12T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98768","published_at":"2026-04-04T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.9877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98786","published_at":"2026-04-29T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98792","published_at":"2026-05-07T12:55:00Z"},{"value":"0.7283","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411348","reference_id":"1411348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065","reference_id":"851065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065"},{"reference_url":"https://security.archlinux.org/ASA-201701-15","reference_id":"ASA-201701-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-15"},{"reference_url":"https://security.archlinux.org/AVG-132","reference_id":"AVG-132","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-132"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0062","reference_id":"RHSA-2017:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3172-1/","reference_id":"USN-3172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373074","purl":"pkg:alpm/archlinux/bind@9.11.0.P2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xatr-hnmn-mfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"}],"aliases":["CVE-2016-9131"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373075","purl":"pkg:alpm/archlinux/bind@9.11.0.P3-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0.P3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.11.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48060","vulnerability_id":"VCID-xatr-hnmn-mfbj","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0276.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-0276.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3135","reference_id":"","reference_type":"","scores":[{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97043","published_at":"2026-05-14T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97014","published_at":"2026-05-05T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97018","published_at":"2026-05-07T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97024","published_at":"2026-05-09T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97033","published_at":"2026-05-12T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96986","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.9699","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.96999","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97005","published_at":"2026-04-21T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.34413","scoring_system":"epss","scoring_elements":"0.97008","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01453","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01453"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0005/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3795","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3795"},{"reference_url":"http://www.securityfocus.com/bid/96150","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96150"},{"reference_url":"http://www.securitytracker.com/id/1037801","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420193","reference_id":"1420193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520","reference_id":"855520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520"},{"reference_url":"https://security.archlinux.org/ASA-201702-8","reference_id":"ASA-201702-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-8"},{"reference_url":"https://security.archlinux.org/AVG-169","reference_id":"AVG-169","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-169"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3135","reference_id":"CVE-2017-3135","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3135"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0276","reference_id":"RHSA-2017:0276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0276"},{"reference_url":"https://usn.ubuntu.com/3201-1/","reference_id":"USN-3201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373075","purl":"pkg:alpm/archlinux/bind@9.11.0.P3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1"}],"aliases":["CVE-2017-3135"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373030","purl":"pkg:alpm/archlinux/bind@9.11.0.P3-4","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.0.P3-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48063","vulnerability_id":"VCID-ruf8-3syu-vyew","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3138","reference_id":"","reference_type":"","scores":[{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.9726","published_at":"2026-05-14T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-04-18T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97224","published_at":"2026-04-24T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-04-26T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-04-29T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97253","published_at":"2026-05-12T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.9725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01471","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01471"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97657","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97657"},{"reference_url":"http://www.securitytracker.com/id/1038260","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441137","reference_id":"1441137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441137"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226","reference_id":"860226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3138","reference_id":"CVE-2017-3138","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3138"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3138"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48062","vulnerability_id":"VCID-sh9s-2ef5-ruct","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3137","reference_id":"","reference_type":"","scores":[{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96574","published_at":"2026-05-14T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96551","published_at":"2026-05-05T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96553","published_at":"2026-05-07T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96559","published_at":"2026-05-09T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9656","published_at":"2026-05-11T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96565","published_at":"2026-05-12T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9653","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96542","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96543","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96544","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01466","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01466"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97651","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97651"},{"reference_url":"http://www.securitytracker.com/id/1038258","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038258"},{"reference_url":"http://www.securitytracker.com/id/1040195","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441133","reference_id":"1441133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225","reference_id":"860225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3137","reference_id":"CVE-2017-3137","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3137"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1095","reference_id":"RHSA-2017:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1105","reference_id":"RHSA-2017:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1582","reference_id":"RHSA-2017:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3137"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48061","vulnerability_id":"VCID-tp19-8gsn-n7ez","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3136","reference_id":"","reference_type":"","scores":[{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97781","published_at":"2026-05-14T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97758","published_at":"2026-04-26T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97757","published_at":"2026-04-24T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97768","published_at":"2026-05-07T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97769","published_at":"2026-05-09T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.9777","published_at":"2026-05-11T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97774","published_at":"2026-05-12T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97767","published_at":"2026-04-01T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97774","published_at":"2026-04-04T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.9778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97772","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01465","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01465"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97653","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97653"},{"reference_url":"http://www.securitytracker.com/id/1038259","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441125","reference_id":"1441125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224","reference_id":"860224","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3136","reference_id":"CVE-2017-3136","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3136"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1095","reference_id":"RHSA-2017:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1105","reference_id":"RHSA-2017:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1105"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3136"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-4"},{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48064","vulnerability_id":"VCID-t4dn-73sn-57c1","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3140","reference_id":"","reference_type":"","scores":[{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95466","published_at":"2026-05-14T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95421","published_at":"2026-04-29T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.9543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95449","published_at":"2026-05-11T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95453","published_at":"2026-05-12T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95375","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95393","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95395","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95411","published_at":"2026-04-16T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.9542","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3140"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01495","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01495"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0001/"},{"reference_url":"http://www.securityfocus.com/bid/99088","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99088"},{"reference_url":"http://www.securitytracker.com/id/1038692","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461302","reference_id":"1461302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461302"},{"reference_url":"https://security.archlinux.org/ASA-201706-18","reference_id":"ASA-201706-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-18"},{"reference_url":"https://security.archlinux.org/AVG-301","reference_id":"AVG-301","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-301"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3140","reference_id":"CVE-2017-3140","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3140"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372962","purl":"pkg:alpm/archlinux/bind@9.11.1.P1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ddg3-vmpb-cbhs"},{"vulnerability":"VCID-tg7b-ra4c-cue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1"}],"aliases":["CVE-2017-3140"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48063","vulnerability_id":"VCID-ruf8-3syu-vyew","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3138","reference_id":"","reference_type":"","scores":[{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.9726","published_at":"2026-05-14T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-04-18T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97224","published_at":"2026-04-24T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-04-26T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-04-29T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.3793","scoring_system":"epss","scoring_elements":"0.97253","published_at":"2026-05-12T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.9725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38782","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01471","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01471"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97657","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97657"},{"reference_url":"http://www.securitytracker.com/id/1038260","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441137","reference_id":"1441137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441137"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226","reference_id":"860226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3138","reference_id":"CVE-2017-3138","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3138"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3138"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48062","vulnerability_id":"VCID-sh9s-2ef5-ruct","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3137","reference_id":"","reference_type":"","scores":[{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96574","published_at":"2026-05-14T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96551","published_at":"2026-05-05T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96553","published_at":"2026-05-07T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96559","published_at":"2026-05-09T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9656","published_at":"2026-05-11T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96565","published_at":"2026-05-12T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.9653","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96542","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96543","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28496","scoring_system":"epss","scoring_elements":"0.96544","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01466","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01466"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97651","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97651"},{"reference_url":"http://www.securitytracker.com/id/1038258","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038258"},{"reference_url":"http://www.securitytracker.com/id/1040195","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441133","reference_id":"1441133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225","reference_id":"860225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3137","reference_id":"CVE-2017-3137","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3137"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1095","reference_id":"RHSA-2017:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1105","reference_id":"RHSA-2017:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1582","reference_id":"RHSA-2017:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1583","reference_id":"RHSA-2017:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1583"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3137"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48061","vulnerability_id":"VCID-tp19-8gsn-n7ez","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3136","reference_id":"","reference_type":"","scores":[{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97781","published_at":"2026-05-14T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97758","published_at":"2026-04-26T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97757","published_at":"2026-04-24T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97768","published_at":"2026-05-07T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97769","published_at":"2026-05-09T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.9777","published_at":"2026-05-11T12:55:00Z"},{"value":"0.48516","scoring_system":"epss","scoring_elements":"0.97774","published_at":"2026-05-12T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97767","published_at":"2026-04-01T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97774","published_at":"2026-04-04T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.9778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.49378","scoring_system":"epss","scoring_elements":"0.97772","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01465","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01465"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180802-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180802-0002/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3854","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3854"},{"reference_url":"http://www.securityfocus.com/bid/97653","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97653"},{"reference_url":"http://www.securitytracker.com/id/1038259","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441125","reference_id":"1441125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224","reference_id":"860224","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224"},{"reference_url":"https://security.archlinux.org/ASA-201704-11","reference_id":"ASA-201704-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-11"},{"reference_url":"https://security.archlinux.org/AVG-239","reference_id":"AVG-239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-239"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3136","reference_id":"CVE-2017-3136","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3136"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1095","reference_id":"RHSA-2017:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1105","reference_id":"RHSA-2017:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1105"},{"reference_url":"https://usn.ubuntu.com/3259-1/","reference_id":"USN-3259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373031","purl":"pkg:alpm/archlinux/bind@9.11.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4dn-73sn-57c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"}],"aliases":["CVE-2017-3136"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372962","purl":"pkg:alpm/archlinux/bind@9.11.1.P1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.1.P1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71886","vulnerability_id":"VCID-ddg3-vmpb-cbhs","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3142","reference_id":"","reference_type":"","scores":[{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89613","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89743","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89678","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.8969","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89707","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89719","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89714","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89724","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.8963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89653","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.8966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89679","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01504","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01504"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0003/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3904","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3904"},{"reference_url":"http://www.securityfocus.com/bid/99339","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99339"},{"reference_url":"http://www.securitytracker.com/id/1038809","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466189","reference_id":"1466189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466189"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564","reference_id":"866564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564"},{"reference_url":"https://security.archlinux.org/ASA-201707-3","reference_id":"ASA-201707-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-3"},{"reference_url":"https://security.archlinux.org/AVG-335","reference_id":"AVG-335","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-335"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3142","reference_id":"CVE-2017-3142","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1679","reference_id":"RHSA-2017:1679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1680","reference_id":"RHSA-2017:1680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1680"},{"reference_url":"https://usn.ubuntu.com/3346-1/","reference_id":"USN-3346-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-1/"},{"reference_url":"https://usn.ubuntu.com/3346-3/","reference_id":"USN-3346-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372963","purl":"pkg:alpm/archlinux/bind@9.11.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1"}],"aliases":["CVE-2017-3142"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddg3-vmpb-cbhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71887","vulnerability_id":"VCID-tg7b-ra4c-cue1","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3143","reference_id":"","reference_type":"","scores":[{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96329","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96418","published_at":"2026-05-14T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.9638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.9639","published_at":"2026-05-05T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96394","published_at":"2026-05-07T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.964","published_at":"2026-05-09T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96403","published_at":"2026-05-11T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96408","published_at":"2026-05-12T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96345","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96376","published_at":"2026-04-18T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96378","published_at":"2026-04-21T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96379","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:C/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01503","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01503"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0003/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3904","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3904"},{"reference_url":"http://www.securityfocus.com/bid/99337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99337"},{"reference_url":"http://www.securitytracker.com/id/1038809","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466193","reference_id":"1466193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564","reference_id":"866564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564"},{"reference_url":"https://security.archlinux.org/ASA-201707-3","reference_id":"ASA-201707-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-3"},{"reference_url":"https://security.archlinux.org/AVG-335","reference_id":"AVG-335","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-335"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3143","reference_id":"CVE-2017-3143","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1679","reference_id":"RHSA-2017:1679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1680","reference_id":"RHSA-2017:1680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1680"},{"reference_url":"https://usn.ubuntu.com/3346-1/","reference_id":"USN-3346-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-1/"},{"reference_url":"https://usn.ubuntu.com/3346-3/","reference_id":"USN-3346-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372963","purl":"pkg:alpm/archlinux/bind@9.11.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1"}],"aliases":["CVE-2017-3143"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7b-ra4c-cue1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48064","vulnerability_id":"VCID-t4dn-73sn-57c1","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which allows remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3140","reference_id":"","reference_type":"","scores":[{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95466","published_at":"2026-05-14T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95421","published_at":"2026-04-29T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.9543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95449","published_at":"2026-05-11T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95453","published_at":"2026-05-12T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95375","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95393","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95395","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95411","published_at":"2026-04-16T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.95418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.19519","scoring_system":"epss","scoring_elements":"0.9542","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3140"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01495","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01495"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0001/"},{"reference_url":"http://www.securityfocus.com/bid/99088","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99088"},{"reference_url":"http://www.securitytracker.com/id/1038692","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461302","reference_id":"1461302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461302"},{"reference_url":"https://security.archlinux.org/ASA-201706-18","reference_id":"ASA-201706-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-18"},{"reference_url":"https://security.archlinux.org/AVG-301","reference_id":"AVG-301","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-301"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3140","reference_id":"CVE-2017-3140","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3140"},{"reference_url":"https://security.gentoo.org/glsa/201708-01","reference_id":"GLSA-201708-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201708-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372962","purl":"pkg:alpm/archlinux/bind@9.11.1.P1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ddg3-vmpb-cbhs"},{"vulnerability":"VCID-tg7b-ra4c-cue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1"}],"aliases":["CVE-2017-3140"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1"}]}