Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049892?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049892?format=api", "purl": "pkg:deb/debian/sssd@1.15.0-3%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "sssd", "version": "1.15.0-3+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.0-4", "latest_non_vulnerable_version": "2.12.0-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82960?format=api", "vulnerability_id": "VCID-5hxw-dnz2-v7by", "summary": "sssd: fallback_homedir returns '/' for empty home directories in passwd file", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3811.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3811.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30475", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30457", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30363", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30381", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30503", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30549", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30419", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30454", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3811" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3811" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html" }, { "reference_url": "http://www.securityfocus.com/bid/106644", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106644" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618", "reference_id": "1656618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919051", "reference_id": "919051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919051" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3811", "reference_id": "CVE-2019-3811", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2177", "reference_id": "RHSA-2019:2177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2177" }, { "reference_url": "https://usn.ubuntu.com/5067-1/", "reference_id": "USN-5067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049894?format=api", "purl": "pkg:deb/debian/sssd@2.4.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2" } ], "aliases": [ "CVE-2019-3811" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hxw-dnz2-v7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83366?format=api", "vulnerability_id": "VCID-bveu-ff3p-gfh7", "summary": "sssd: information leak from the sssd-sudo responder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10852.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10852.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50657", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50793", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50748", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50744", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50788", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50711", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50692", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10852" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html" }, { "reference_url": "http://www.securityfocus.com/bid/104547", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104547" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588810", "reference_id": "1588810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588810" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902860", "reference_id": "902860", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902860" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10852", "reference_id": "CVE-2018-10852", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3158", "reference_id": "RHSA-2018:3158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3158" }, { "reference_url": "https://usn.ubuntu.com/5067-1/", "reference_id": "USN-5067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049893?format=api", "purl": "pkg:deb/debian/sssd@1.16.3-3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hxw-dnz2-v7by" }, { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-t5gr-yesx-hqah" }, { "vulnerability": "VCID-yn22-35eg-1khb" }, { "vulnerability": "VCID-zee4-1xpd-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.16.3-3.2" } ], "aliases": [ "CVE-2018-10852" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bveu-ff3p-gfh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83909?format=api", "vulnerability_id": "VCID-jhrd-1f8g-6ueh", "summary": "sssd: unsanitized input when searching in local cache database", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12173.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.6343", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63559", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63552", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.6348", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63532", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63549", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63565", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12173" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498173", "reference_id": "1498173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498173" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877885", "reference_id": "877885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3379", "reference_id": "RHSA-2017:3379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1877", "reference_id": "RHSA-2018:1877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1877" }, { "reference_url": "https://usn.ubuntu.com/3526-1/", "reference_id": "USN-3526-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3526-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049893?format=api", "purl": "pkg:deb/debian/sssd@1.16.3-3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hxw-dnz2-v7by" }, { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-t5gr-yesx-hqah" }, { "vulnerability": "VCID-yn22-35eg-1khb" }, { "vulnerability": "VCID-zee4-1xpd-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.16.3-3.2" } ], "aliases": [ "CVE-2017-12173" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhrd-1f8g-6ueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56200?format=api", "vulnerability_id": "VCID-r1m1-kp4g-pbc7", "summary": "A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3621.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59531", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59646", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59605", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5963", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5965", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59663", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59683", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59665", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3621" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142", "reference_id": "1975142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992710", "reference_id": "992710", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992710" }, { "reference_url": "https://security.archlinux.org/AVG-2314", "reference_id": "AVG-2314", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2314" }, { "reference_url": "https://security.gentoo.org/glsa/202407-05", "reference_id": "GLSA-202407-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3151", "reference_id": "RHSA-2021:3151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3178", "reference_id": "RHSA-2021:3178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3178" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3235", "reference_id": "RHSA-2021:3235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3336", "reference_id": "RHSA-2021:3336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3365", "reference_id": "RHSA-2021:3365", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3477", "reference_id": "RHSA-2021:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3477" }, { "reference_url": "https://usn.ubuntu.com/5067-1/", "reference_id": "USN-5067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055708?format=api", "purl": "pkg:deb/debian/sssd@2.8.2-4%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.8.2-4%252Bdeb12u1" } ], "aliases": [ "CVE-2021-3621" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1m1-kp4g-pbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76845?format=api", "vulnerability_id": "VCID-t4w3-vj56-4fcq", "summary": "sssd: Race condition during authorization leads to GPO policies functioning inconsistently", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0802", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08004", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11696", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3758" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070369", "reference_id": "1070369", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070369" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762", "reference_id": "2223762", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762" }, { "reference_url": "https://github.com/SSSD/sssd/pull/7302", "reference_id": "7302", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://github.com/SSSD/sssd/pull/7302" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.0::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhev_hypervisor:4.4::el8", "reference_id": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhev_hypervisor:4.4::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3758", "reference_id": "CVE-2023-3758", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1919", "reference_id": "RHSA-2024:1919", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1920", "reference_id": "RHSA-2024:1920", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1921", "reference_id": "RHSA-2024:1921", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1922", "reference_id": "RHSA-2024:1922", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2571", "reference_id": "RHSA-2024:2571", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3270", "reference_id": "RHSA-2024:3270", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-06T16:31:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3270" }, { "reference_url": "https://usn.ubuntu.com/6836-1/", "reference_id": "USN-6836-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6836-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055708?format=api", "purl": "pkg:deb/debian/sssd@2.8.2-4%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.8.2-4%252Bdeb12u1" } ], "aliases": [ "CVE-2023-3758" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4w3-vj56-4fcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78718?format=api", "vulnerability_id": "VCID-t5gr-yesx-hqah", "summary": "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4254.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4254.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23191", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23255", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23199", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4254" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4254", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4254" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894", "reference_id": "2149894", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894" }, { "reference_url": "https://github.com/SSSD/sssd/issues/5135", "reference_id": "5135", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/" } ], "url": "https://github.com/SSSD/sssd/issues/5135" }, { "reference_url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274", "reference_id": "a2b9a84460429181f2a4fa7e2bb5ab49fd561274", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/" } ], "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-4254", "reference_id": "CVE-2022-4254", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-4254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0397", "reference_id": "RHSA-2023:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0403", "reference_id": "RHSA-2023:0403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0442", "reference_id": "RHSA-2023:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0442" }, { "reference_url": "https://usn.ubuntu.com/6156-1/", "reference_id": "USN-6156-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6156-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049894?format=api", "purl": "pkg:deb/debian/sssd@2.4.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2" } ], "aliases": [ "CVE-2022-4254" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5gr-yesx-hqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82801?format=api", "vulnerability_id": "VCID-yn22-35eg-1khb", "summary": "sssd: improper implementation of GPOs due to too restrictive permissions", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75895", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75992", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75989", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75899", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75931", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.7591", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00919", "scoring_system": "epss", "scoring_elements": "0.75981", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16838" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820", "reference_id": "1640820", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931432", "reference_id": "931432", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931432" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838", "reference_id": "CVE-2018-16838", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2177", "reference_id": "RHSA-2019:2177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2437", "reference_id": "RHSA-2019:2437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3651", "reference_id": "RHSA-2019:3651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3651" }, { "reference_url": "https://usn.ubuntu.com/5067-1/", "reference_id": "USN-5067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049894?format=api", "purl": "pkg:deb/debian/sssd@2.4.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2" } ], "aliases": [ "CVE-2018-16838" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn22-35eg-1khb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82928?format=api", "vulnerability_id": "VCID-zee4-1xpd-27bc", "summary": "sssd: Information leak in infopipe due to an improper uid restriction", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.318", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31929", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31972", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31843", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31814", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659862", "reference_id": "1659862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659862" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916824", "reference_id": "916824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049894?format=api", "purl": "pkg:deb/debian/sssd@2.4.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-ztj4-pvvh-wuay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2" } ], "aliases": [ "CVE-2018-16883" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zee4-1xpd-27bc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85515?format=api", "vulnerability_id": "VCID-zz4w-9935-q3gc", "summary": "sssd: memory leak in the sssd_pac_plugin", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html" }, { "reference_url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422", "reference_id": "", "reference_type": "", "scores": [], "url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5292.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85879", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85784", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85815", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85848", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85863", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.8586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02687", "scoring_system": "epss", "scoring_elements": "0.85874", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5292" }, { "reference_url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch" }, { "reference_url": "https://fedorahosted.org/sssd/ticket/2803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://fedorahosted.org/sssd/ticket/2803" }, { "reference_url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/bid/77529", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77529" }, { "reference_url": "http://www.securitytracker.com/id/1034038", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580", "reference_id": "1267580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5292", "reference_id": "CVE-2015-5292", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2019", "reference_id": "RHSA-2015:2019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2355", "reference_id": "RHSA-2015:2355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2355" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049892?format=api", "purl": "pkg:deb/debian/sssd@1.15.0-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hxw-dnz2-v7by" }, { "vulnerability": "VCID-bveu-ff3p-gfh7" }, { "vulnerability": "VCID-jhrd-1f8g-6ueh" }, { "vulnerability": "VCID-r1m1-kp4g-pbc7" }, { "vulnerability": "VCID-t4w3-vj56-4fcq" }, { "vulnerability": "VCID-t5gr-yesx-hqah" }, { "vulnerability": "VCID-yn22-35eg-1khb" }, { "vulnerability": "VCID-zee4-1xpd-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.15.0-3%252Bdeb9u1" } ], "aliases": [ "CVE-2015-5292" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zz4w-9935-q3gc" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.15.0-3%252Bdeb9u1" }