Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1036453?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1036453?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1", "type": "deb", "namespace": "debian", "name": "libvorbis", "version": "1.3.1-1+squeeze1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.3.6-2", "latest_non_vulnerable_version": "1.3.6-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60096?format=api", "vulnerability_id": "VCID-45n4-j354-v3c4", "summary": "Multiple vulnerabilities have been found in libvorbis, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10392.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.8055", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80637", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80605", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80557", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80572", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01423", "scoring_system": "epss", "scoring_elements": "0.80627", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10392" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.xiph.org/xiph/vorbis/issues/2335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.xiph.org/xiph/vorbis/issues/2335" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574193", "reference_id": "1574193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780", "reference_id": "876780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10392", "reference_id": "CVE-2018-10392", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10392" }, { "reference_url": "https://security.gentoo.org/glsa/202003-36", "reference_id": "GLSA-202003-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3703", "reference_id": "RHSA-2019:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3703" }, { "reference_url": "https://usn.ubuntu.com/5420-1/", "reference_id": "USN-5420-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5420-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2018-10392" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-45n4-j354-v3c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60097?format=api", "vulnerability_id": "VCID-6qp9-715s-8kdu", "summary": "Multiple vulnerabilities have been found in libvorbis, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59331", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59481", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5946", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59404", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59428", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59393", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59476", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10393" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.xiph.org/xiph/vorbis/issues/2334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.xiph.org/xiph/vorbis/issues/2334" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574194", "reference_id": "1574194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574194" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780", "reference_id": "876780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10393", "reference_id": "CVE-2018-10393", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10393" }, { "reference_url": "https://security.gentoo.org/glsa/202003-36", "reference_id": "GLSA-202003-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3703", "reference_id": "RHSA-2019:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3703" }, { "reference_url": "https://usn.ubuntu.com/5420-1/", "reference_id": "USN-5420-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5420-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2018-10393" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qp9-715s-8kdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61820?format=api", "vulnerability_id": "VCID-fdue-dg92-13cp", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could lead to the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.9738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97361", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.41108", "scoring_system": "epss", "scoring_elements": "0.97383", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.44797", "scoring_system": "epss", "scoring_elements": "0.97579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.44797", "scoring_system": "epss", "scoring_elements": "0.97587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.55641", "scoring_system": "epss", "scoring_elements": "0.98092", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5146" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1446062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1446062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4140" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4143" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4155" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-08/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2018-08/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-09/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/" }, { "reference_url": "http://www.securityfocus.com/bid/103432", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103432" }, { "reference_url": "http://www.securitytracker.com/id/1040544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557221", "reference_id": "1557221", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557221" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893130", "reference_id": "893130", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893130" }, { "reference_url": "https://security.archlinux.org/ASA-201803-12", "reference_id": "ASA-201803-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-12" }, { "reference_url": "https://security.archlinux.org/ASA-201803-13", "reference_id": "ASA-201803-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-13" }, { "reference_url": "https://security.archlinux.org/ASA-201803-21", "reference_id": "ASA-201803-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-21" }, { "reference_url": "https://security.archlinux.org/ASA-201803-22", "reference_id": "ASA-201803-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-22" }, { "reference_url": "https://security.archlinux.org/AVG-367", "reference_id": "AVG-367", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-367" }, { "reference_url": "https://security.archlinux.org/AVG-657", "reference_id": "AVG-657", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-657" }, { "reference_url": "https://security.archlinux.org/AVG-658", "reference_id": "AVG-658", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-658" }, { "reference_url": "https://security.archlinux.org/AVG-663", "reference_id": "AVG-663", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-663" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5146", "reference_id": "CVE-2018-5146", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5146" }, { "reference_url": "https://security.gentoo.org/glsa/201811-13", "reference_id": "GLSA-201811-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08", "reference_id": "mfsa2018-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-09", "reference_id": "mfsa2018-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0549", "reference_id": "RHSA-2018:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0647", "reference_id": "RHSA-2018:0647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0648", "reference_id": "RHSA-2018:0648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0649", "reference_id": "RHSA-2018:0649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1058", "reference_id": "RHSA-2018:1058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1058" }, { "reference_url": "https://usn.ubuntu.com/3545-1/", "reference_id": "USN-3545-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3545-1/" }, { "reference_url": "https://usn.ubuntu.com/3599-1/", "reference_id": "USN-3599-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3599-1/" }, { "reference_url": "https://usn.ubuntu.com/3604-1/", "reference_id": "USN-3604-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3604-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036456?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.4-2%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037109?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2018-5146" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdue-dg92-13cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55033?format=api", "vulnerability_id": "VCID-gajm-zb2s-ukgz", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92419", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92368", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92398", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.92409", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08566", "scoring_system": "epss", "scoring_elements": "0.9242", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197", "reference_id": "664197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026", "reference_id": "786026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444", "reference_id": "CVE-2012-0444", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07", "reference_id": "mfsa2012-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0136", "reference_id": "RHSA-2012:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0136" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" }, { "reference_url": "https://usn.ubuntu.com/1370-1/", "reference_id": "USN-1370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1370-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036454?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.2-1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.2-1.3" } ], "aliases": [ "CVE-2012-0444" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gajm-zb2s-ukgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63800?format=api", "vulnerability_id": "VCID-qvsc-tr3r-9fc9", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.85028", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.85005", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.85026", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84943", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84961", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.84995", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.85011", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02385", "scoring_system": "epss", "scoring_elements": "0.85009", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480643", "reference_id": "1480643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480643" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870341", "reference_id": "870341", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870341" }, { "reference_url": "https://security.archlinux.org/ASA-201803-12", "reference_id": "ASA-201803-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-12" }, { "reference_url": "https://security.archlinux.org/AVG-367", "reference_id": "AVG-367", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-367" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42399.txt", "reference_id": "CVE-2017-11735;CVE-2017-11333", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42399.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037109?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2017-11333" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvsc-tr3r-9fc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63801?format=api", "vulnerability_id": "VCID-ukgq-ajbx-dug6", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91056", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.9113", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91098", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.91061", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06507", "scoring_system": "epss", "scoring_elements": "0.9107", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.xiph.org/xiph/vorbis/issues/2328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.xiph.org/xiph/vorbis/issues/2328" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4113" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499952", "reference_id": "1499952", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499952" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876779", "reference_id": "876779", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876779" }, { "reference_url": "https://security.archlinux.org/ASA-201803-12", "reference_id": "ASA-201803-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-12" }, { "reference_url": "https://security.archlinux.org/ASA-201803-21", "reference_id": "ASA-201803-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-21" }, { "reference_url": "https://security.archlinux.org/AVG-367", "reference_id": "AVG-367", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-367" }, { "reference_url": "https://security.archlinux.org/AVG-658", "reference_id": "AVG-658", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-658" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14632", "reference_id": "CVE-2017-14632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14632" }, { "reference_url": "https://usn.ubuntu.com/3569-1/", "reference_id": "USN-3569-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3569-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037109?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2017-14632" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukgq-ajbx-dug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60095?format=api", "vulnerability_id": "VCID-wst6-s2k4-kkdj", "summary": "Multiple vulnerabilities have been found in libvorbis, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/09/21/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2017/09/21/2" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81463", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81462", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81389", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81417", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81422", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html" }, { "reference_url": "http://www.securityfocus.com/bid/101045", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101045" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499991", "reference_id": "1499991", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499991" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780", "reference_id": "876780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876780" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14160", "reference_id": "CVE-2017-14160", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14160" }, { "reference_url": "https://security.gentoo.org/glsa/202003-36", "reference_id": "GLSA-202003-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-36" }, { "reference_url": "https://usn.ubuntu.com/5420-1/", "reference_id": "USN-5420-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5420-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2017-14160" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wst6-s2k4-kkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63802?format=api", "vulnerability_id": "VCID-wvm2-2xak-5fbn", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67723", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67713", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67736", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67688", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76965", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76935", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.xiph.org/xiph/vorbis/issues/2329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.xiph.org/xiph/vorbis/issues/2329" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4113" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499959", "reference_id": "1499959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499959" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876778", "reference_id": "876778", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876778" }, { "reference_url": "https://security.archlinux.org/ASA-201803-12", "reference_id": "ASA-201803-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-12" }, { "reference_url": "https://security.archlinux.org/ASA-201803-21", "reference_id": "ASA-201803-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-21" }, { "reference_url": "https://security.archlinux.org/AVG-367", "reference_id": "AVG-367", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-367" }, { "reference_url": "https://security.archlinux.org/AVG-658", "reference_id": "AVG-658", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-658" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14633", "reference_id": "CVE-2017-14633", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14633" }, { "reference_url": "https://usn.ubuntu.com/3569-1/", "reference_id": "USN-3569-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3569-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037109?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052555?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.6-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2" } ], "aliases": [ "CVE-2017-14633" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvm2-2xak-5fbn" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88458?format=api", "vulnerability_id": "VCID-12w2-ffkf-7bfv", "summary": "vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88877", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.889", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88921", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88927", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88933", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88946", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0434", "scoring_system": "epss", "scoring_elements": "0.88944", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2009" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443", "reference_id": "444443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482039", "reference_id": "482039", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482039" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0271", "reference_id": "RHSA-2008:0271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0271" }, { "reference_url": "https://usn.ubuntu.com/861-1/", "reference_id": "USN-861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036453?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-gajm-zb2s-ukgz" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1" } ], "aliases": [ "CVE-2008-2009" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12w2-ffkf-7bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53017?format=api", "vulnerability_id": "VCID-55cd-r9yc-nfan", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89569", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89515", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.8956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89559", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89567", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765", "reference_id": "531765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379", "reference_id": "CVE-2009-3379", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1561", "reference_id": "RHSA-2009:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1561" }, { "reference_url": "https://usn.ubuntu.com/861-1/", "reference_id": "USN-861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036453?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-gajm-zb2s-ukgz" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1" } ], "aliases": [ "CVE-2009-3379" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-55cd-r9yc-nfan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59769?format=api", "vulnerability_id": "VCID-xdfe-jqzv-rbb4", "summary": "A processing error in libvorbis might result in the execution of arbitrary\n code or a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84496", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84517", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84425", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.8446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84488", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02221", "scoring_system": "epss", "scoring_elements": "0.84501", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2663" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=516259", "reference_id": "516259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540958", "reference_id": "540958", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540958" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663", "reference_id": "CVE-2009-2663", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663" }, { "reference_url": "https://security.gentoo.org/glsa/200909-02", "reference_id": "GLSA-200909-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200909-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1219", "reference_id": "RHSA-2009:1219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1219" }, { "reference_url": "https://usn.ubuntu.com/825-1/", "reference_id": "USN-825-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/825-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036453?format=api", "purl": "pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45n4-j354-v3c4" }, { "vulnerability": "VCID-6qp9-715s-8kdu" }, { "vulnerability": "VCID-fdue-dg92-13cp" }, { "vulnerability": "VCID-gajm-zb2s-ukgz" }, { "vulnerability": "VCID-qvsc-tr3r-9fc9" }, { "vulnerability": "VCID-ukgq-ajbx-dug6" }, { "vulnerability": "VCID-wst6-s2k4-kkdj" }, { "vulnerability": "VCID-wvm2-2xak-5fbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1" } ], "aliases": [ "CVE-2009-2663" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdfe-jqzv-rbb4" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1" }