Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1035849?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1035849?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5", "type": "deb", "namespace": "debian", "name": "openssh", "version": "1:6.7p1-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:9.2p1-2+deb12u8", "latest_non_vulnerable_version": "1:10.3p1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84974?format=api", "vulnerability_id": "VCID-11sf-sq1n-8ybk", "summary": "openssh: Denial of service via very long passwords", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81624", "scoring_system": "epss", "scoring_elements": "0.99184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.81624", "scoring_system": "epss", "scoring_elements": "0.99185", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.81624", "scoring_system": "epss", "scoring_elements": "0.99186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.85051", "scoring_system": "epss", "scoring_elements": "0.99347", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.85051", "scoring_system": "epss", "scoring_elements": "0.99345", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364935", "reference_id": "1364935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823", "reference_id": "833823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py", "reference_id": "CVE-2016-6515", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3061-1/", "reference_id": "USN-3061-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3061-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-6515" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11sf-sq1n-8ybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60627?format=api", "vulnerability_id": "VCID-27t6-mvt2-6kcd", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which allows remote attackers to cause Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92487", "scoring_system": "epss", "scoring_elements": "0.99734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92487", "scoring_system": "epss", "scoring_elements": "0.99731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92487", "scoring_system": "epss", "scoring_elements": "0.99735", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.92487", "scoring_system": "epss", "scoring_elements": "0.99733", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357442", "reference_id": "1357442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357442" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902", "reference_id": "831902", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Jul/51", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [], "url": "http://seclists.org/fulldisclosure/2016/Jul/51" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "GLSA-201612-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2563", "reference_id": "RHSA-2017:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2563" }, { "reference_url": "https://usn.ubuntu.com/3061-1/", "reference_id": "USN-3061-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3061-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035850?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sf-sq1n-8ybk" }, { "vulnerability": "VCID-27t6-mvt2-6kcd" }, { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-4fj8-vfgx-pyh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-aaue-a343-u7f5" }, { "vulnerability": "VCID-bdnh-bkx5-h3fe" }, { "vulnerability": "VCID-c72q-f2cy-eqgc" }, { "vulnerability": "VCID-e3hw-afkw-f7bt" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g5qe-8p8p-3kd6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hmqc-xunp-myap" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-kbba-6c9u-tygk" }, { "vulnerability": "VCID-myec-kc76-9bc1" }, { "vulnerability": "VCID-qt1x-kyuf-gker" }, { "vulnerability": "VCID-t1sg-4bvj-qqfk" }, { "vulnerability": "VCID-u21t-acnr-dub2" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v1vq-wecd-1ud9" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vj3u-a1c3-6qe5" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-wkpy-uwex-93db" }, { "vulnerability": "VCID-yrzy-er8x-c3ad" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-6210" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27t6-mvt2-6kcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42226?format=api", "vulnerability_id": "VCID-3mzh-y1ek-cqh9", "summary": "Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94914", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.9488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94898", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94903", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.16522", "scoring_system": "epss", "scoring_elements": "0.94907", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255271", "reference_id": "2255271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255271" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/26/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/26/4" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a", "reference_id": "7ef3787c84b6b524501211b11a26c742f829af1a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0005/", "reference_id": "ntap-20240105-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/" }, { "reference_url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html", "reference_id": "openssh-proxycommand-libssh-rce.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://usn.ubuntu.com/6560-2/", "reference_id": "USN-6560-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-2/" }, { "reference_url": "https://usn.ubuntu.com/6560-3/", "reference_id": "USN-6560-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-3/" }, { "reference_url": "https://usn.ubuntu.com/6565-1/", "reference_id": "USN-6565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-51385" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mzh-y1ek-cqh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84679?format=api", "vulnerability_id": "VCID-4fj8-vfgx-pyh9", "summary": "openssh: privilege escalation via Unix domain socket forwarding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25826", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25923", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25864", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25836", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25958", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406278", "reference_id": "1406278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406278" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715", "reference_id": "848715", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010", "reference_id": "CVE-2016-10010", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt", "reference_id": "CVE-2016-10010", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "USN-3538-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3538-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10010" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fj8-vfgx-pyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81244?format=api", "vulnerability_id": "VCID-87uy-3q5r-r3b7", "summary": "openssh: scp can send duplicate responses to the server upon a utimes system call failure leading to overwrite of arbitrary files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74452", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74456", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74483", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74457", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74505", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74527", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74537", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854145", "reference_id": "1854145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854145" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12062" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87uy-3q5r-r3b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90988?format=api", "vulnerability_id": "VCID-a7kr-mfau-bufd", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "DSA-4539-2 openssh" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7kr-mfau-bufd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62403?format=api", "vulnerability_id": "VCID-aaue-a343-u7f5", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could lead to arbitrary code execution, or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2761", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27687", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27494", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27501", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252844", "reference_id": "1252844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252844" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711", "reference_id": "795711", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "GLSA-201512-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-6563" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aaue-a343-u7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85374?format=api", "vulnerability_id": "VCID-bdnh-bkx5-h3fe", "summary": "openssh: out-of-bounds read in packet handling code", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64802", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64764", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64681", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64733", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64761", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64771", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64791", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1907" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "reference_url": "http://www.openssh.com/txt/release-7.1p2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "reference_url": "http://www.securityfocus.com/bid/81293", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81293" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298746", "reference_id": "1298746", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298746" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1907", "reference_id": "CVE-2016-1907", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1907" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-1907" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdnh-bkx5-h3fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83710?format=api", "vulnerability_id": "VCID-c72q-f2cy-eqgc", "summary": "openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86813", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86848", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.8684", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.86857", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537929", "reference_id": "1537929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3809-1/", "reference_id": "USN-3809-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3809-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10708" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c72q-f2cy-eqgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61832?format=api", "vulnerability_id": "VCID-e3hw-afkw-f7bt", "summary": "Multiple vulnerabilities have been found in OpenSSH, allowing\n attackers to leak client memory to a server, including private keys.", "references": [ { "reference_url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "reference_id": "", "reference_type": "", "scores": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "reference_url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83826", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83797", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83792", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02029", "scoring_system": "epss", "scoring_elements": "0.83781", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02099", "scoring_system": "epss", "scoring_elements": "0.83999", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02099", "scoring_system": "epss", "scoring_elements": "0.83985", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0778" }, { "reference_url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "reference_url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Jan/44", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2016/Jan/44" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT206167" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3446", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3446" }, { "reference_url": "http://www.openssh.com/txt/release-7.1p2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/80698", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/80698" }, { "reference_url": "http://www.securitytracker.com/id/1034671", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034671" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2869-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2869-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298033", "reference_id": "1298033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298033" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0778", "reference_id": "CVE-2016-0778", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0778" }, { "reference_url": "https://security.gentoo.org/glsa/201601-01", "reference_id": "GLSA-201601-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201601-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0043", "reference_id": "RHSA-2016:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0043" }, { "reference_url": "https://usn.ubuntu.com/2869-1/", "reference_id": "USN-2869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2869-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035850?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sf-sq1n-8ybk" }, { "vulnerability": "VCID-27t6-mvt2-6kcd" }, { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-4fj8-vfgx-pyh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-aaue-a343-u7f5" }, { "vulnerability": "VCID-bdnh-bkx5-h3fe" }, { "vulnerability": "VCID-c72q-f2cy-eqgc" }, { "vulnerability": "VCID-e3hw-afkw-f7bt" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g5qe-8p8p-3kd6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hmqc-xunp-myap" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-kbba-6c9u-tygk" }, { "vulnerability": "VCID-myec-kc76-9bc1" }, { "vulnerability": "VCID-qt1x-kyuf-gker" }, { "vulnerability": "VCID-t1sg-4bvj-qqfk" }, { "vulnerability": "VCID-u21t-acnr-dub2" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v1vq-wecd-1ud9" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vj3u-a1c3-6qe5" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-wkpy-uwex-93db" }, { "vulnerability": "VCID-yrzy-er8x-c3ad" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-0778" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3hw-afkw-f7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80019?format=api", "vulnerability_id": "VCID-fczw-59xy-83c6", "summary": "openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50737", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50874", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50833", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50832", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291", "reference_id": "2008291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130", "reference_id": "995130", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130" }, { "reference_url": "https://security.archlinux.org/AVG-2422", "reference_id": "AVG-2422", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4782", "reference_id": "RHSA-2021:4782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2013", "reference_id": "RHSA-2022:2013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2013" }, { "reference_url": "https://usn.ubuntu.com/5666-1/", "reference_id": "USN-5666-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5666-1/" }, { "reference_url": "https://usn.ubuntu.com/6565-1/", "reference_id": "USN-6565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2021-41617" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fczw-59xy-83c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60624?format=api", "vulnerability_id": "VCID-g5qe-8p8p-3kd6", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which allows remote attackers to cause Denial of Service.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29386", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29352", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29424", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.2933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29319", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29383", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8325" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180628-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180628-0001/" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2015-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3550" }, { "reference_url": "http://www.securityfocus.com/bid/86187", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/86187" }, { "reference_url": "http://www.securitytracker.com/id/1036487", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036487" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012", "reference_id": "1328012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8325", "reference_id": "CVE-2015-8325", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8325" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "GLSA-201612-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2588", "reference_id": "RHSA-2016:2588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0641", "reference_id": "RHSA-2017:0641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0641" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035850?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sf-sq1n-8ybk" }, { "vulnerability": "VCID-27t6-mvt2-6kcd" }, { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-4fj8-vfgx-pyh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-aaue-a343-u7f5" }, { "vulnerability": "VCID-bdnh-bkx5-h3fe" }, { "vulnerability": "VCID-c72q-f2cy-eqgc" }, { "vulnerability": "VCID-e3hw-afkw-f7bt" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g5qe-8p8p-3kd6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hmqc-xunp-myap" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-kbba-6c9u-tygk" }, { "vulnerability": "VCID-myec-kc76-9bc1" }, { "vulnerability": "VCID-qt1x-kyuf-gker" }, { "vulnerability": "VCID-t1sg-4bvj-qqfk" }, { "vulnerability": "VCID-u21t-acnr-dub2" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v1vq-wecd-1ud9" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vj3u-a1c3-6qe5" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-wkpy-uwex-93db" }, { "vulnerability": "VCID-yrzy-er8x-c3ad" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-8325" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5qe-8p8p-3kd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57307?format=api", "vulnerability_id": "VCID-g8g3-ts9j-8uab", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could allow a remote attacker to gain unauthorized access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07414", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92953", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92943", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92924", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92927", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92939", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.92944", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666119", "reference_id": "1666119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666119" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412", "reference_id": "793412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "GLSA-201903-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "USN-3885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2019-6109" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8g3-ts9j-8uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39451?format=api", "vulnerability_id": "VCID-ge2m-my5w-z3eb", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could allow a remote attacker to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46999", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47051", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47036", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47054", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47002", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47057", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47077", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935055", "reference_id": "1935055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940", "reference_id": "984940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940" }, { "reference_url": "https://security.archlinux.org/ASA-202103-6", "reference_id": "ASA-202103-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-6" }, { "reference_url": "https://security.archlinux.org/AVG-1657", "reference_id": "AVG-1657", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1657" }, { "reference_url": "https://security.gentoo.org/glsa/202105-35", "reference_id": "GLSA-202105-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-35" }, { "reference_url": "https://usn.ubuntu.com/4762-1/", "reference_id": "USN-4762-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4762-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2021-28041" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ge2m-my5w-z3eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57310?format=api", "vulnerability_id": "VCID-gzmm-8kvw-6qbv", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could allow a remote attacker to gain unauthorized access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98021", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.9802", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98016", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98026", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.54405", "scoring_system": "epss", "scoring_elements": "0.98007", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/18/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/08/02/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1" }, { "reference_url": "http://www.securityfocus.com/bid/106741", "reference_id": "106741", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.securityfocus.com/bid/106741" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666127", "reference_id": "1666127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666127" }, { "reference_url": "https://www.exploit-db.com/exploits/46193/", "reference_id": "46193", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.exploit-db.com/exploits/46193/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486", "reference_id": "923486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "reference_id": "c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "reference_id": "c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "reference_id": "d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4387", "reference_id": "dsa-4387", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "reference_url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "reference_id": "e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", "reference_id": "FreeBSD-EN-19:10.scp.asc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "GLSA-201903-16", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "reference_id": "msg00058.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "reference_id": "ntap-20190213-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "reference_id": "scp.c", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", "reference_id": "show_bug.cgi?id=1677794", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "USN-3885-1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://usn.ubuntu.com/3885-1/" }, { "reference_url": "https://usn.ubuntu.com/3885-2/", "reference_id": "USN-3885-2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://usn.ubuntu.com/3885-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", "reference_id": "W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2019-6111" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzmm-8kvw-6qbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47189?format=api", "vulnerability_id": "VCID-ha8v-pqwf-r3a1", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98813", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73977", "scoring_system": "epss", "scoring_elements": "0.98815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.73977", "scoring_system": "epss", "scoring_elements": "0.98818", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://seclists.org/oss-sec/2025/q1/144", "reference_id": "144", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://seclists.org/oss-sec/2025/q1/144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780", "reference_id": "2344780", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780" }, { "reference_url": "https://access.redhat.com/solutions/7109879", "reference_id": "7109879", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/solutions/7109879" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-26465", "reference_id": "CVE-2025-26465", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-26465" }, { "reference_url": "https://security.gentoo.org/glsa/202502-01", "reference_id": "GLSA-202502-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202502-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16823", "reference_id": "RHSA-2025:16823", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3837", "reference_id": "RHSA-2025:3837", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6993", "reference_id": "RHSA-2025:6993", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7270-1/", "reference_id": "USN-7270-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-1/" }, { "reference_url": "https://usn.ubuntu.com/7270-2/", "reference_id": "USN-7270-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-26465" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha8v-pqwf-r3a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60626?format=api", "vulnerability_id": "VCID-hmqc-xunp-myap", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which allows remote attackers to cause Denial of Service.", "references": [ { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html" }, { "reference_url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97547", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97538", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97539", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97514", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97532", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.43987", "scoring_system": "epss", "scoring_elements": "0.97536", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3115" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Mar/46", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2016/Mar/46" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Mar/47", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2016/Mar/47" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://www.exploit-db.com/exploits/39569/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39569/" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc" }, { "reference_url": "http://www.openssh.com/txt/x11fwd.adv", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openssh.com/txt/x11fwd.adv" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "reference_url": "http://www.securityfocus.com/bid/84314", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/84314" }, { "reference_url": "http://www.securitytracker.com/id/1035249", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035249" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829", "reference_id": "1316829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115", "reference_id": "CVE-2016-3115", "reference_type": "exploit", "scores": [], "url": "https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py", "reference_id": "CVE-2016-3115", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3115", "reference_id": "CVE-2016-3115", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" }, { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3115" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "GLSA-201612-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0465", "reference_id": "RHSA-2016:0465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0466", "reference_id": "RHSA-2016:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0466" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-3115" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmqc-xunp-myap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70416?format=api", "vulnerability_id": "VCID-hse5-y15y-n3dw", "summary": "openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50835", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50794", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50813", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig", "reference_id": "013_ssh.patch.sig", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig" }, { "reference_url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html", "reference_id": "041879.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603", "reference_id": "1102603", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767", "reference_id": "2358767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_id": "fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367" }, { "reference_url": "https://www.openssh.com/txt/release-10.0", "reference_id": "release-10.0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-10.0" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20126", "reference_id": "RHSA-2025:20126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20126" }, { "reference_url": "https://usn.ubuntu.com/7457-1/", "reference_id": "USN-7457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7457-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-32728" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hse5-y15y-n3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20351?format=api", "vulnerability_id": "VCID-jzn6-bzzf-nugp", "summary": "Improper Validation of Integrity Check Value\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98134", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98128", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98114", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.5673", "scoring_system": "epss", "scoring_elements": "0.98123", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "reference_url": "https://bugs.gentoo.org/920280", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugs.gentoo.org/920280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "reference_url": "https://crates.io/crates/thrussh/versions", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://crates.io/crates/thrussh/versions" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Mar/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "reference_url": "https://filezilla-project.org/versions.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://filezilla-project.org/versions.php" }, { "reference_url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/mina-sshd/issues/445", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "reference_url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "reference_url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "reference_url": "https://github.com/cyd01/KiTTY/issues/520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "reference_url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "reference_url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "reference_url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "reference_url": "https://github.com/hierynomus/sshj/issues/916", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "reference_url": "https://github.com/janmojzis/tinyssh/issues/81", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "reference_url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "reference_url": "https://github.com/libssh2/libssh2/pull/1291", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "reference_url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "reference_url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "reference_url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "reference_url": "https://github.com/mwiede/jsch/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "reference_url": "https://github.com/mwiede/jsch/pull/461", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "reference_url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "reference_url": "https://github.com/NixOS/nixpkgs/pull/275249", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "reference_url": "https://github.com/openssh/openssh-portable/commits/master", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/issues/456", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "reference_url": "https://github.com/rapier1/hpn-ssh/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "reference_url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "reference_url": "https://github.com/ronf/asyncssh/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/tags" }, { "reference_url": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "reference_url": "https://github.com/warp-tech/russh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh" }, { "reference_url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" }, { "reference_url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "reference_url": "https://gitlab.com/libssh/libssh-mirror/-/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "reference_url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "reference_url": "https://go.dev/cl/550715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/550715" }, { "reference_url": "https://go.dev/issue/64784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/64784" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://help.panic.com/releasenotes/transmit5" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://matt.ucc.asn.au/dropbear/CHANGES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "reference_url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "reference_url": "https://news.ycombinator.com/item?id=38684904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "reference_url": "https://news.ycombinator.com/item?id=38685286", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "reference_url": "https://news.ycombinator.com/item?id=38732005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "reference_url": "https://nova.app/releases/#v11.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nova.app/releases/#v11.8" }, { "reference_url": "https://oryx-embedded.com/download/#changelog", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://oryx-embedded.com/download/#changelog" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "reference_url": "https://roumenpetrov.info/secsh/#news20231220", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "reference_url": "https://security.gentoo.org/glsa/202312-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/libssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "reference_url": "https://support.apple.com/kb/HT214084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://support.apple.com/kb/HT214084" }, { "reference_url": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "reference_url": "https://winscp.net/eng/docs/history#6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "reference_url": "https://www.bitvise.com/ssh-client-version-history#933", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "reference_url": "https://www.bitvise.com/ssh-server-version-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "reference_url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "reference_url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5586", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5588", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "reference_url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.netsarang.com/en/xshell-update-history" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "reference_url": "https://www.openssh.com/openbsd.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/openbsd.html" }, { "reference_url": "https://www.openssh.com/txt/release-9.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/txt/release-9.6" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "https://www.paramiko.org/changelog.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.paramiko.org/changelog.html" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "reference_url": "https://www.terrapin-attack.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.terrapin-attack.com" }, { "reference_url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "reference_url": "https://www.vandyke.com/products/securecrt/history.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/17/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001", "reference_id": "1059001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002", "reference_id": "1059002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003", "reference_id": "1059003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004", "reference_id": "1059004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005", "reference_id": "1059005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006", "reference_id": "1059006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007", "reference_id": "1059007", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058", "reference_id": "1059058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144", "reference_id": "1059144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290", "reference_id": "1059290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294", "reference_id": "1059294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "reference_id": "33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "reference_id": "3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "reference_id": "3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "reference_id": "6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "reference_id": "BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "reference_id": "C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "reference_id": "CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "reference_url": "https://ubuntu.com/security/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "reference_id": "CVE-2023-48795-AND-SFTP-GATEWAY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "reference_id": "CVE-2023-48795-AND-SFTP-GATEWAY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "reference_id": "CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability", "reference_id": "CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "reference_id": "GHSA-45x7-px36-x8w8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "reference_id": "GHSA-45x7-px36-x8w8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://security.gentoo.org/glsa/202407-11", "reference_id": "GLSA-202407-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-11" }, { "reference_url": "https://security.gentoo.org/glsa/202407-12", "reference_id": "GLSA-202407-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-12" }, { "reference_url": "https://security.gentoo.org/glsa/202509-06", "reference_id": "GLSA-202509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-06" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "reference_id": "HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "reference_id": "I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "reference_id": "KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "reference_id": "L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "reference_id": "LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004/", "reference_id": "ntap-20240105-0004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7197", "reference_id": "RHSA-2023:7197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7198", "reference_id": "RHSA-2023:7198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7201", "reference_id": "RHSA-2023:7201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0040", "reference_id": "RHSA-2024:0040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0499", "reference_id": "RHSA-2024:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0538", "reference_id": "RHSA-2024:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0625", "reference_id": "RHSA-2024:0625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0628", "reference_id": "RHSA-2024:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0766", "reference_id": "RHSA-2024:0766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0789", "reference_id": "RHSA-2024:0789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0843", "reference_id": "RHSA-2024:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0880", "reference_id": "RHSA-2024:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0954", "reference_id": "RHSA-2024:0954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1150", "reference_id": "RHSA-2024:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1192", "reference_id": "RHSA-2024:1192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1193", "reference_id": "RHSA-2024:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1196", "reference_id": "RHSA-2024:1196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1197", "reference_id": "RHSA-2024:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1210", "reference_id": "RHSA-2024:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1557", "reference_id": "RHSA-2024:1557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1859", "reference_id": "RHSA-2024:1859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2728", "reference_id": "RHSA-2024:2728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2735", "reference_id": "RHSA-2024:2735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2768", "reference_id": "RHSA-2024:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2988", "reference_id": "RHSA-2024:2988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3479", "reference_id": "RHSA-2024:3479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3634", "reference_id": "RHSA-2024:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3635", "reference_id": "RHSA-2024:3635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3636", "reference_id": "RHSA-2024:3636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3918", "reference_id": "RHSA-2024:3918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4010", "reference_id": "RHSA-2024:4010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4151", "reference_id": "RHSA-2024:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4329", "reference_id": "RHSA-2024:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4479", "reference_id": "RHSA-2024:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4484", "reference_id": "RHSA-2024:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4597", "reference_id": "RHSA-2024:4597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4662", "reference_id": "RHSA-2024:4662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4955", "reference_id": "RHSA-2024:4955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4959", "reference_id": "RHSA-2024:4959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5200", "reference_id": "RHSA-2024:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5432", "reference_id": "RHSA-2024:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5433", "reference_id": "RHSA-2024:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5438", "reference_id": "RHSA-2024:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4664", "reference_id": "RHSA-2025:4664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4664" }, { "reference_url": "https://usn.ubuntu.com/6560-1/", "reference_id": "USN-6560-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-1/" }, { "reference_url": "https://usn.ubuntu.com/6560-2/", "reference_id": "USN-6560-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-2/" }, { "reference_url": "https://usn.ubuntu.com/6561-1/", "reference_id": "USN-6561-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6561-1/" }, { "reference_url": "https://usn.ubuntu.com/6585-1/", "reference_id": "USN-6585-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6585-1/" }, { "reference_url": "https://usn.ubuntu.com/6589-1/", "reference_id": "USN-6589-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6589-1/" }, { "reference_url": "https://usn.ubuntu.com/6598-1/", "reference_id": "USN-6598-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6598-1/" }, { "reference_url": "https://usn.ubuntu.com/6738-1/", "reference_id": "USN-6738-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6738-1/" }, { "reference_url": "https://usn.ubuntu.com/7051-1/", "reference_id": "USN-7051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7051-1/" }, { "reference_url": "https://usn.ubuntu.com/7292-1/", "reference_id": "USN-7292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7292-1/" }, { "reference_url": "https://usn.ubuntu.com/7297-1/", "reference_id": "USN-7297-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7297-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-48795", "GHSA-45x7-px36-x8w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62401?format=api", "vulnerability_id": "VCID-kbba-6c9u-tygk", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could lead to arbitrary code execution, or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90079", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90081", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90119", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90128", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90127", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90121", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90138", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238231", "reference_id": "1238231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798", "reference_id": "790798", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "GLSA-201512-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "https://usn.ubuntu.com/2710-1/", "reference_id": "USN-2710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-5352" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbba-6c9u-tygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60625?format=api", "vulnerability_id": "VCID-myec-kc76-9bc1", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which allows remote attackers to cause Denial of Service.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2016/01/15/13", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2016/01/15/13" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84351", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84347", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.8428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84335", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02179", "scoring_system": "epss", "scoring_elements": "0.84359", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1908" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://www.openssh.com/txt/release-7.2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openssh.com/txt/release-7.2" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "http://www.securityfocus.com/bid/84427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/84427" }, { "reference_url": "http://www.securitytracker.com/id/1034705", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034705" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741", "reference_id": "1298741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1908", "reference_id": "CVE-2016-1908", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1908" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "GLSA-201612-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0465", "reference_id": "RHSA-2016:0465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-1908" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myec-kc76-9bc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84680?format=api", "vulnerability_id": "VCID-qt1x-kyuf-gker", "summary": "openssh: Leak of host private key material to privilege-separated child process via realloc()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03889", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03879", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03899", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03937", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03946", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406286", "reference_id": "1406286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716", "reference_id": "848716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "USN-3538-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3538-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10011" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qt1x-kyuf-gker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62402?format=api", "vulnerability_id": "VCID-t1sg-4bvj-qqfk", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could lead to arbitrary code execution, or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70907", "scoring_system": "epss", "scoring_elements": "0.9869", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.70907", "scoring_system": "epss", "scoring_elements": "0.98691", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70907", "scoring_system": "epss", "scoring_elements": "0.98694", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.70907", "scoring_system": "epss", "scoring_elements": "0.98697", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.70907", "scoring_system": "epss", "scoring_elements": "0.98698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.73594", "scoring_system": "epss", "scoring_elements": "0.98803", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73594", "scoring_system": "epss", "scoring_elements": "0.98806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73594", "scoring_system": "epss", "scoring_elements": "0.98807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73594", "scoring_system": "epss", "scoring_elements": "0.98808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73594", "scoring_system": "epss", "scoring_elements": "0.98812", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245969", "reference_id": "1245969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245969" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616", "reference_id": "793616", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "GLSA-201512-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0466", "reference_id": "RHSA-2016:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0466" }, { "reference_url": "https://usn.ubuntu.com/2710-1/", "reference_id": "USN-2710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-5600" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1sg-4bvj-qqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84681?format=api", "vulnerability_id": "VCID-u21t-acnr-dub2", "summary": "openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05742", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05768", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05746", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05738", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05733", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05702", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05837", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406293", "reference_id": "1406293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717", "reference_id": "848717", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "USN-3538-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3538-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10012" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u21t-acnr-dub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44840?format=api", "vulnerability_id": "VCID-ubjj-qb2c-n3d4", "summary": "An integer overflow in OpenSSH might allow an attacker to execute\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5048", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50537", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50564", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50518", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50569", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50612", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50616", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767966", "reference_id": "1767966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767966" }, { "reference_url": "https://security.gentoo.org/glsa/201911-01", "reference_id": "GLSA-201911-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2019-16905" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubjj-qb2c-n3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84678?format=api", "vulnerability_id": "VCID-v1vq-wecd-1ud9", "summary": "openssh: loading of untrusted PKCS#11 modules in ssh-agent", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.815", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81602", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81565", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81511", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81564", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81584", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406269", "reference_id": "1406269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406269" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714", "reference_id": "848714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009", "reference_id": "CVE-2016-10009", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt", "reference_id": "CVE-2016-10009", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "USN-3538-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3538-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10009" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1vq-wecd-1ud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41455?format=api", "vulnerability_id": "VCID-v27n-4vt2-rffw", "summary": "A flaw has been discovered in OpenSSH which could allow a remote\n attacker to create zero-length files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.8571", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.85747", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.85723", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.85741", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.85766", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03174", "scoring_system": "epss", "scoring_elements": "0.86961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03174", "scoring_system": "epss", "scoring_elements": "0.86965", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03174", "scoring_system": "epss", "scoring_elements": "0.86947", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03174", "scoring_system": "epss", "scoring_elements": "0.86956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03174", "scoring_system": "epss", "scoring_elements": "0.8695", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15906" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506630", "reference_id": "1506630", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506630" }, { "reference_url": "https://security.gentoo.org/glsa/201801-05", "reference_id": "GLSA-201801-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0980", "reference_id": "RHSA-2018:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0980" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "USN-3538-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3538-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2017-15906" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v27n-4vt2-rffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60628?format=api", "vulnerability_id": "VCID-vj3u-a1c3-6qe5", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which allows remote attackers to cause Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96359", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96375", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96379", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96382", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27135", "scoring_system": "epss", "scoring_elements": "0.96389", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860", "reference_id": "1384860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884", "reference_id": "841884", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "GLSA-201612-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-8858" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vj3u-a1c3-6qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47326?format=api", "vulnerability_id": "VCID-vrgz-eguk-k3dy", "summary": "Multiple vulnerabilities have been found in Dropbear, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87396", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87327", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87352", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.8739", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87381", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/106531", "reference_id": "106531", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "http://www.securityfocus.com/bid/106531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665785", "reference_id": "1665785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665785" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", "reference_id": "6010c0303a422a9c5fa8860c061bf7105eb7f8b2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101", "reference_id": "919101", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4387", "reference_id": "dsa-4387", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "GLSA-201903-16", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://security.gentoo.org/glsa/202007-53", "reference_id": "GLSA-202007-53", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190215-0001/", "reference_id": "ntap-20190215-0001", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", "reference_id": "scp.c.diff?r1=1.197&r2=1.198&f=h", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "USN-3885-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://usn.ubuntu.com/3885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2018-20685" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrgz-eguk-k3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61831?format=api", "vulnerability_id": "VCID-wkpy-uwex-93db", "summary": "Multiple vulnerabilities have been found in OpenSSH, allowing\n attackers to leak client memory to a server, including private keys.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.98548", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.98549", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.9856", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.98561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.98566", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.67203", "scoring_system": "epss", "scoring_elements": "0.98558", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.7041", "scoring_system": "epss", "scoring_elements": "0.98679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.7041", "scoring_system": "epss", "scoring_elements": "0.98682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.7041", "scoring_system": "epss", "scoring_elements": "0.98684", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298032", "reference_id": "1298032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298032" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984", "reference_id": "810984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984" }, { "reference_url": "https://security.gentoo.org/glsa/201601-01", "reference_id": "GLSA-201601-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201601-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0043", "reference_id": "RHSA-2016:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0043" }, { "reference_url": "https://usn.ubuntu.com/2869-1/", "reference_id": "USN-2869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2869-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035850?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sf-sq1n-8ybk" }, { "vulnerability": "VCID-27t6-mvt2-6kcd" }, { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-4fj8-vfgx-pyh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-aaue-a343-u7f5" }, { "vulnerability": "VCID-bdnh-bkx5-h3fe" }, { "vulnerability": "VCID-c72q-f2cy-eqgc" }, { "vulnerability": "VCID-e3hw-afkw-f7bt" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g5qe-8p8p-3kd6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hmqc-xunp-myap" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-kbba-6c9u-tygk" }, { "vulnerability": "VCID-myec-kc76-9bc1" }, { "vulnerability": "VCID-qt1x-kyuf-gker" }, { "vulnerability": "VCID-t1sg-4bvj-qqfk" }, { "vulnerability": "VCID-u21t-acnr-dub2" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v1vq-wecd-1ud9" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vj3u-a1c3-6qe5" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-wkpy-uwex-93db" }, { "vulnerability": "VCID-yrzy-er8x-c3ad" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-0777" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkpy-uwex-93db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62404?format=api", "vulnerability_id": "VCID-yrzy-er8x-c3ad", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could lead to arbitrary code execution, or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83736", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83763", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83766", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.8379", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83796", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83812", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83806", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.83835", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252852", "reference_id": "1252852", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252852" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711", "reference_id": "795711", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "GLSA-201512-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-6564" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzy-er8x-c3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50012?format=api", "vulnerability_id": "VCID-zncv-645p-f3gn", "summary": "Multiple vulnerbilities have been discovered in OpenSSH, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98443", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66852", "scoring_system": "epss", "scoring_elements": "0.98543", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.69995", "scoring_system": "epss", "scoring_elements": "0.98659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.69995", "scoring_system": "epss", "scoring_elements": "0.98662", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460", "reference_id": "1042460", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/20/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224173", "reference_id": "2224173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224173" }, { "reference_url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8", "reference_id": "7bc29a9d5cd697290aa056e94ecee6253d3425f8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/", "reference_id": "CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" }, { "reference_url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent", "reference_id": "cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408", "reference_id": "exploring-opensshs-agent-forwarding-rce-cve-2023-38408", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408" }, { "reference_url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d", "reference_id": "f03a4faa55c4ce0818324701dadbf91988d7351d", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" }, { "reference_url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca", "reference_id": "f8f5a6b003981bb824329dc987d101977beda7ca", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" }, { "reference_url": "https://security.gentoo.org/glsa/202307-01", "reference_id": "GLSA-202307-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://security.gentoo.org/glsa/202307-01" }, { "reference_url": "https://support.apple.com/kb/HT213940", "reference_id": "HT213940", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://support.apple.com/kb/HT213940" }, { "reference_url": "https://news.ycombinator.com/item?id=36790196", "reference_id": "item?id=36790196", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://news.ycombinator.com/item?id=36790196" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0010/", "reference_id": "ntap-20230803-0010", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/", "reference_id": "RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" }, { "reference_url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt", "reference_id": "rce-openssh-forwarded-ssh-agent.txt", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" }, { "reference_url": "https://www.openssh.com/txt/release-9.3p2", "reference_id": "release-9.3p2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.openssh.com/txt/release-9.3p2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4329", "reference_id": "RHSA-2023:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4381", "reference_id": "RHSA-2023:4381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4382", "reference_id": "RHSA-2023:4382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4383", "reference_id": "RHSA-2023:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4384", "reference_id": "RHSA-2023:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4412", "reference_id": "RHSA-2023:4412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4413", "reference_id": "RHSA-2023:4413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4419", "reference_id": "RHSA-2023:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4428", "reference_id": "RHSA-2023:4428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4889", "reference_id": "RHSA-2023:4889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4889" }, { "reference_url": "https://www.openssh.com/security.html", "reference_id": "security.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.openssh.com/security.html" }, { "reference_url": "https://usn.ubuntu.com/6242-1/", "reference_id": "USN-6242-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6242-1/" }, { "reference_url": "https://usn.ubuntu.com/6242-2/", "reference_id": "USN-6242-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6242-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050195?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-b4uc-yh56-muej" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-38408" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zncv-645p-f3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34932?format=api", "vulnerability_id": "VCID-zxw6-2um9-23e7", "summary": "A vulnerability in OpenSSH might allow remote attackers to\n determine valid usernames.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99602", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99601", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99604", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1041487", "reference_id": "1041487", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.securitytracker.com/id/1041487" }, { "reference_url": "http://www.securityfocus.com/bid/105140", "reference_id": "105140", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.securityfocus.com/bid/105140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063", "reference_id": "1619063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063" }, { "reference_url": "https://www.exploit-db.com/exploits/45210/", "reference_id": "45210", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45210/" }, { "reference_url": "https://www.exploit-db.com/exploits/45233/", "reference_id": "45233", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45233/" }, { "reference_url": "https://www.exploit-db.com/exploits/45939/", "reference_id": "45939", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45939/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2018/08/15/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { "reference_url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "reference_id": "779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "reference_url": "https://bugs.debian.org/906236", "reference_id": "906236", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://bugs.debian.org/906236" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236", "reference_id": "906236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236" }, { "reference_url": "https://security.archlinux.org/AVG-763", "reference_id": "AVG-763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-763" }, { "reference_url": "https://bugfuzz.com/stuff/ssh-check-username.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://bugfuzz.com/stuff/ssh-check-username.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4280", "reference_id": "dsa-4280", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4280" }, { "reference_url": "https://security.gentoo.org/glsa/201810-03", "reference_id": "GLSA-201810-03", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://security.gentoo.org/glsa/201810-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181101-0001/", "reference_id": "ntap-20181101-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0711", "reference_id": "RHSA-2019:0711", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2143", "reference_id": "RHSA-2019:2143", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2143" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", "reference_id": "SNWLID-2018-0011", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" }, { "reference_url": "https://usn.ubuntu.com/3809-1/", "reference_id": "USN-3809-1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://usn.ubuntu.com/3809-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037085?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-a7kr-mfau-bufd" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-g8g3-ts9j-8uab" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-gzmm-8kvw-6qbv" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-v27n-4vt2-rffw" }, { "vulnerability": "VCID-vrgz-eguk-k3dy" }, { "vulnerability": "VCID-zncv-645p-f3gn" }, { "vulnerability": "VCID-zxw6-2um9-23e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037924?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mzh-y1ek-cqh9" }, { "vulnerability": "VCID-87uy-3q5r-r3b7" }, { "vulnerability": "VCID-fczw-59xy-83c6" }, { "vulnerability": "VCID-ge2m-my5w-z3eb" }, { "vulnerability": "VCID-ha8v-pqwf-r3a1" }, { "vulnerability": "VCID-hse5-y15y-n3dw" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-ubjj-qb2c-n3d4" }, { "vulnerability": "VCID-zncv-645p-f3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2018-15473" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxw6-2um9-23e7" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5" }