Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037290?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037290?format=api", "purl": "pkg:deb/debian/file@1:5.30-1%2Bdeb9u3", "type": "deb", "namespace": "debian", "name": "file", "version": "1:5.30-1+deb9u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:5.39-3+deb11u1", "latest_non_vulnerable_version": "1:5.39-3+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56449?format=api", "vulnerability_id": "VCID-479u-yvtq-4qde", "summary": "A stack-based buffer overflow was found in file, possibly resulting\n in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3396", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33946", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3403", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.34061", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33916", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33958", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3399", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33989", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000249" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249" }, { "reference_url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793" }, { "reference_url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3965", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488053", "reference_id": "1488053", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488053" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000249", "reference_id": "CVE-2017-1000249", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000249" }, { "reference_url": "https://security.gentoo.org/glsa/201710-02", "reference_id": "GLSA-201710-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-02" }, { "reference_url": "https://usn.ubuntu.com/3412-1/", "reference_id": "USN-3412-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3412-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2017-1000249" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-479u-yvtq-4qde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60262?format=api", "vulnerability_id": "VCID-dn25-adac-e3cr", "summary": "A vulnerability has been discovered in file, which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48554.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06158", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235714", "reference_id": "2235714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235714" }, { "reference_url": "https://security.gentoo.org/glsa/202409-06", "reference_id": "GLSA-202409-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2512", "reference_id": "RHSA-2024:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2512" }, { "reference_url": "https://usn.ubuntu.com/6359-1/", "reference_id": "USN-6359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6359-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049154?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1" } ], "aliases": [ "CVE-2022-48554" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn25-adac-e3cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82775?format=api", "vulnerability_id": "VCID-dnwd-kqz6-p3ek", "summary": "file: stack-based buffer over-read in do_core_note in readelf.c", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2656", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26503", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26483", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26551", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8905" }, { "reference_url": "https://bugs.astron.com/view.php?id=63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.astron.com/view.php?id=63" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html" }, { "reference_url": "http://www.securityfocus.com/bid/107137", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107137" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679181", "reference_id": "1679181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679181" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968", "reference_id": "922968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968" }, { "reference_url": "https://security.archlinux.org/ASA-201903-5", "reference_id": "ASA-201903-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-5" }, { "reference_url": "https://security.archlinux.org/AVG-907", "reference_id": "AVG-907", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-907" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8905", "reference_id": "CVE-2019-8905", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8905" }, { "reference_url": "https://usn.ubuntu.com/3911-1/", "reference_id": "USN-3911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2019-8905" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwd-kqz6-p3ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44719?format=api", "vulnerability_id": "VCID-fupq-ukq7-r7ac", "summary": "A heap-based buffer overflow in file might allow remote attackers\n to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38676", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38762", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38812", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18218" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200115-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4550" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765272", "reference_id": "1765272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765272" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830", "reference_id": "942830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830" }, { "reference_url": "https://security.archlinux.org/ASA-202001-2", "reference_id": "ASA-202001-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202001-2" }, { "reference_url": "https://security.archlinux.org/AVG-1083", "reference_id": "AVG-1083", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218", "reference_id": "CVE-2019-18218", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218" }, { "reference_url": "https://security.gentoo.org/glsa/202003-24", "reference_id": "GLSA-202003-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4374", "reference_id": "RHSA-2021:4374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4374" }, { "reference_url": "https://usn.ubuntu.com/4172-1/", "reference_id": "USN-4172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4172-1/" }, { "reference_url": "https://usn.ubuntu.com/4172-2/", "reference_id": "USN-4172-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4172-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049154?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18218" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fupq-ukq7-r7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82903?format=api", "vulnerability_id": "VCID-p13b-2a4m-sbfx", "summary": "file: do_core_note in readelf.c allows remote attackers to cause a denial of service", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74734", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.7481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74789", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74779", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74737", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74738", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74771", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8907" }, { "reference_url": "https://bugs.astron.com/view.php?id=65", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.astron.com/view.php?id=65" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679138", "reference_id": "1679138", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679138" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968", "reference_id": "922968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968" }, { "reference_url": "https://security.archlinux.org/ASA-201903-5", "reference_id": "ASA-201903-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-5" }, { "reference_url": "https://security.archlinux.org/AVG-907", "reference_id": "AVG-907", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-907" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8907", "reference_id": "CVE-2019-8907", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8907" }, { "reference_url": "https://usn.ubuntu.com/3911-1/", "reference_id": "USN-3911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2019-8907" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p13b-2a4m-sbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60296?format=api", "vulnerability_id": "VCID-q9eh-jb32-xfgz", "summary": "A vulnerability in file could lead to a Denial of Service\n condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10360.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65969", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81616", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81627", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81674", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81679", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01597", "scoring_system": "epss", "scoring_elements": "0.81698", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", "reference_id": "1590000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901351", "reference_id": "901351", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901351" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", "reference_id": "CVE-2018-10360", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360" }, { "reference_url": "https://security.gentoo.org/glsa/201806-08", "reference_id": "GLSA-201806-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201806-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1022", "reference_id": "RHSA-2020:1022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2521", "reference_id": "RHSA-2020:2521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2768", "reference_id": "RHSA-2020:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2838", "reference_id": "RHSA-2020:2838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2838" }, { "reference_url": "https://usn.ubuntu.com/3686-1/", "reference_id": "USN-3686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3686-1/" }, { "reference_url": "https://usn.ubuntu.com/3686-2/", "reference_id": "USN-3686-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3686-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2018-10360" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9eh-jb32-xfgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82904?format=api", "vulnerability_id": "VCID-t8q1-8y52-e7dp", "summary": "file: out-of-bounds read in do_core_note in readelf.c", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22887", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22959", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23018", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23037", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22893", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22966", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8906" }, { "reference_url": "https://bugs.astron.com/view.php?id=64", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.astron.com/view.php?id=64" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f" }, { "reference_url": "https://support.apple.com/kb/HT209599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT209599" }, { "reference_url": "https://support.apple.com/kb/HT209600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT209600" }, { "reference_url": "https://support.apple.com/kb/HT209601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT209601" }, { "reference_url": "https://support.apple.com/kb/HT209602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT209602" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175", "reference_id": "1679175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969", "reference_id": "922969", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969" }, { "reference_url": "https://security.archlinux.org/ASA-201903-5", "reference_id": "ASA-201903-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-5" }, { "reference_url": "https://security.archlinux.org/AVG-907", "reference_id": "AVG-907", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-907" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8906", "reference_id": "CVE-2019-8906", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8906" }, { "reference_url": "https://usn.ubuntu.com/3911-1/", "reference_id": "USN-3911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2019-8906" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8q1-8y52-e7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82776?format=api", "vulnerability_id": "VCID-zqgq-d1nu-qbd5", "summary": "file: stack-based buffer over-read in do_bid_note in readelf.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68638", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68702", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.6872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68743", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68674", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68651", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8904" }, { "reference_url": "https://bugs.astron.com/view.php?id=62", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.astron.com/view.php?id=62" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/107130", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107130" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679188", "reference_id": "1679188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679188" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967", "reference_id": "922967", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967" }, { "reference_url": "https://security.archlinux.org/ASA-201903-5", "reference_id": "ASA-201903-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-5" }, { "reference_url": "https://security.archlinux.org/AVG-907", "reference_id": "AVG-907", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-907" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8904", "reference_id": "CVE-2019-8904", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8904" }, { "reference_url": "https://usn.ubuntu.com/3911-1/", "reference_id": "USN-3911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2019-8904" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqgq-d1nu-qbd5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56449?format=api", "vulnerability_id": "VCID-479u-yvtq-4qde", "summary": "A stack-based buffer overflow was found in file, possibly resulting\n in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3396", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33946", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3403", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.34061", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33916", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33958", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3399", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33989", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000249" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249" }, { "reference_url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793" }, { "reference_url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3965", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488053", "reference_id": "1488053", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488053" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000249", "reference_id": "CVE-2017-1000249", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000249" }, { "reference_url": "https://security.gentoo.org/glsa/201710-02", "reference_id": "GLSA-201710-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-02" }, { "reference_url": "https://usn.ubuntu.com/3412-1/", "reference_id": "USN-3412-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3412-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037290?format=api", "purl": "pkg:deb/debian/file@1:5.30-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-479u-yvtq-4qde" }, { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-dnwd-kqz6-p3ek" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" }, { "vulnerability": "VCID-p13b-2a4m-sbfx" }, { "vulnerability": "VCID-q9eh-jb32-xfgz" }, { "vulnerability": "VCID-t8q1-8y52-e7dp" }, { "vulnerability": "VCID-zqgq-d1nu-qbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" } ], "aliases": [ "CVE-2017-1000249" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-479u-yvtq-4qde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44719?format=api", "vulnerability_id": "VCID-fupq-ukq7-r7ac", "summary": "A heap-based buffer overflow in file might allow remote attackers\n to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38676", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38762", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38812", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18218" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200115-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4550" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765272", "reference_id": "1765272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765272" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830", "reference_id": "942830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830" }, { "reference_url": "https://security.archlinux.org/ASA-202001-2", "reference_id": "ASA-202001-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202001-2" }, { "reference_url": "https://security.archlinux.org/AVG-1083", "reference_id": "AVG-1083", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218", "reference_id": "CVE-2019-18218", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218" }, { "reference_url": "https://security.gentoo.org/glsa/202003-24", "reference_id": "GLSA-202003-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4374", "reference_id": "RHSA-2021:4374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4374" }, { "reference_url": "https://usn.ubuntu.com/4172-1/", "reference_id": "USN-4172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4172-1/" }, { "reference_url": "https://usn.ubuntu.com/4172-2/", "reference_id": "USN-4172-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4172-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037290?format=api", "purl": "pkg:deb/debian/file@1:5.30-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-479u-yvtq-4qde" }, { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-dnwd-kqz6-p3ek" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" }, { "vulnerability": "VCID-p13b-2a4m-sbfx" }, { "vulnerability": "VCID-q9eh-jb32-xfgz" }, { "vulnerability": "VCID-t8q1-8y52-e7dp" }, { "vulnerability": "VCID-zqgq-d1nu-qbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038020?format=api", "purl": "pkg:deb/debian/file@1:5.35-4%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049154?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18218" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fupq-ukq7-r7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47795?format=api", "vulnerability_id": "VCID-zkut-a5an-r7ae", "summary": "Multiple vulnerabilities have been found in file, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "http://bugs.gw.com/view.php?id=522", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.gw.com/view.php?id=522" }, { "reference_url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fe13566c93f118a15a96320a546c7878fd0cfc5e", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fe13566c93f118a15a96320a546c7878fd0cfc5e" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77084", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77187", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77151", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.7709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.7712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77102", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01014", "scoring_system": "epss", "scoring_elements": "0.77144", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8865" }, { "reference_url": "https://bugs.php.net/bug.php?id=71527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=71527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "reference_url": "https://security.gentoo.org/glsa/201611-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-22" }, { "reference_url": "https://support.apple.com/HT206567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT206567" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3560", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3560" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/24/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1" }, { "reference_url": "http://www.php.net/ChangeLog-5.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.php.net/ChangeLog-5.php" }, { "reference_url": "http://www.php.net/ChangeLog-7.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.php.net/ChangeLog-7.php" }, { "reference_url": "http://www.securityfocus.com/bid/85802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/85802" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2952-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2952-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2952-2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2952-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323118", "reference_id": "1323118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323118" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377", "reference_id": "827377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8865", "reference_id": "CVE-2015-8865", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8865" }, { "reference_url": "https://security.gentoo.org/glsa/201701-42", "reference_id": "GLSA-201701-42", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2984-1/", "reference_id": "USN-2984-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2984-1/" }, { "reference_url": "https://usn.ubuntu.com/3686-1/", "reference_id": "USN-3686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3686-1/" }, { "reference_url": "https://usn.ubuntu.com/3686-2/", "reference_id": "USN-3686-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3686-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037290?format=api", "purl": "pkg:deb/debian/file@1:5.30-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-479u-yvtq-4qde" }, { "vulnerability": "VCID-dn25-adac-e3cr" }, { "vulnerability": "VCID-dnwd-kqz6-p3ek" }, { "vulnerability": "VCID-fupq-ukq7-r7ac" }, { "vulnerability": "VCID-p13b-2a4m-sbfx" }, { "vulnerability": "VCID-q9eh-jb32-xfgz" }, { "vulnerability": "VCID-t8q1-8y52-e7dp" }, { "vulnerability": "VCID-zqgq-d1nu-qbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3" } ], "aliases": [ "CVE-2015-8865" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkut-a5an-r7ae" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3" }