Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1050150?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "type": "deb", "namespace": "debian", "name": "ceph", "version": "14.2.21-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "18.2.8+ds-1", "latest_non_vulnerable_version": "18.2.8+ds-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64960?format=api", "vulnerability_id": "VCID-18bk-met9-qfc9", "summary": "pybind: Improper use of Pybind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573", "reference_id": "1126573", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907", "reference_id": "2389907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2711", "reference_id": "RHSA-2026:2711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2800", "reference_id": "RHSA-2026:2800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2800" }, { "reference_url": "https://usn.ubuntu.com/8045-1/", "reference_id": "USN-8045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8045-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/586723?format=api", "purl": "pkg:deb/debian/ceph@18.2.8%2Bds-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.8%252Bds-1" } ], "aliases": [ "CVE-2024-31884" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18bk-met9-qfc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66482?format=api", "vulnerability_id": "VCID-1yz5-m9s7-nqdm", "summary": "rgw: RGW DoS attack with empty HTTP header in S3 object copy", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47866.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47866.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37504", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40424", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40541", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40504", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.405", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41399", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43654", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43591", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43642", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47866" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47866" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120797", "reference_id": "1120797", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392386", "reference_id": "2392386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392386" }, { "reference_url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8", "reference_id": "GHSA-mgrm-g92q-f8h8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:29:41Z/" } ], "url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8" }, { "reference_url": "https://usn.ubuntu.com/8045-1/", "reference_id": "USN-8045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8045-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/586723?format=api", "purl": "pkg:deb/debian/ceph@18.2.8%2Bds-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.8%252Bds-1" } ], "aliases": [ "CVE-2024-47866" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1yz5-m9s7-nqdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78067?format=api", "vulnerability_id": "VCID-47cr-h639-tqd4", "summary": "rgw: improperly verified POST keys", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.90467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.9089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90844", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90855", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90862", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.9087", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43040" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053690", "reference_id": "1053690", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216855", "reference_id": "2216855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216855" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807", "reference_id": "266807", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:41:59Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807" }, { "reference_url": "https://www.ibm.com/support/pages/node/7151040", "reference_id": "7151040", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:41:59Z/" } ], "url": "https://www.ibm.com/support/pages/node/7151040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0745", "reference_id": "RHSA-2024:0745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0745" }, { "reference_url": "https://usn.ubuntu.com/6613-1/", "reference_id": "USN-6613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6613-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" } ], "aliases": [ "CVE-2023-43040" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47cr-h639-tqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30954?format=api", "vulnerability_id": "VCID-54nw-yq6d-2ueu", "summary": "A vulnerability has been found in Ceph which can lead to root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3650.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07193", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07106", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07084", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07177", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07185", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3650" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3650", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3650" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024932", "reference_id": "1024932", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024932" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136909", "reference_id": "2136909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136909" }, { "reference_url": "https://security.gentoo.org/glsa/202312-10", "reference_id": "GLSA-202312-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202312-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0980", "reference_id": "RHSA-2023:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0980" }, { "reference_url": "https://usn.ubuntu.com/6063-1/", "reference_id": "USN-6063-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6063-1/" }, { "reference_url": "https://usn.ubuntu.com/6292-1/", "reference_id": "USN-6292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6292-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" } ], "aliases": [ "CVE-2022-3650" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54nw-yq6d-2ueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79187?format=api", "vulnerability_id": "VCID-5bgn-2pbq-6yd1", "summary": "ceph: user/tenant can obtain access (read/write) to any share", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0670.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41515", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41607", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44827", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44967", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4491", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44819", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016069", "reference_id": "1016069", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050728", "reference_id": "2050728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5997", "reference_id": "RHSA-2022:5997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5997" }, { "reference_url": "https://usn.ubuntu.com/6063-1/", "reference_id": "USN-6063-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6063-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" } ], "aliases": [ "CVE-2022-0670" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bgn-2pbq-6yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79824?format=api", "vulnerability_id": "VCID-nczx-qfyh-xubz", "summary": "ceph: Ceph volume does not honour osd_dmcrypt_key_size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50894", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50973", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.5093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50985", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51027", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.5099", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50961", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50968", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788", "reference_id": "2024788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1174", "reference_id": "RHSA-2022:1174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1174" }, { "reference_url": "https://usn.ubuntu.com/6063-1/", "reference_id": "USN-6063-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6063-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" } ], "aliases": [ "CVE-2021-3979" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nczx-qfyh-xubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68988?format=api", "vulnerability_id": "VCID-r1ah-c6z7-vyen", "summary": "ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05591", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05584", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05705", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17295", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17271", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410", "reference_id": "1108410", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374412", "reference_id": "2374412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374412" }, { "reference_url": "https://github.com/ceph/ceph/pull/60314", "reference_id": "60314", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/" } ], "url": "https://github.com/ceph/ceph/pull/60314" }, { "reference_url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm", "reference_id": "GHSA-89hm-qq33-2fjm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/" } ], "url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585128?format=api", "purl": "pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585129?format=api", "purl": "pkg:deb/debian/ceph@18.2.7%2Bds-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.7%252Bds-1" } ], "aliases": [ "CVE-2025-52555" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ah-c6z7-vyen" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31709?format=api", "vulnerability_id": "VCID-1fhp-86sm-bqe5", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25660.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50751", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50848", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50888", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5085", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50887", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50894", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50873", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50822", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50831", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890354", "reference_id": "1890354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890354" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975275", "reference_id": "975275", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975275" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5325", "reference_id": "RHSA-2020:5325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0081", "reference_id": "RHSA-2021:0081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0081" }, { "reference_url": "https://usn.ubuntu.com/4706-1/", "reference_id": "USN-4706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4706-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-25660" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fhp-86sm-bqe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31712?format=api", "vulnerability_id": "VCID-36gd-352p-n7b7", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20288.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20288.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41336", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41457", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41384", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41434", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41431", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41357", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41249", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41243", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938031", "reference_id": "1938031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986974", "reference_id": "986974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986974" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2445", "reference_id": "RHSA-2021:2445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1394", "reference_id": "RHSA-2022:1394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1394" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" }, { "reference_url": "https://usn.ubuntu.com/5128-1/", "reference_id": "USN-5128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2021-20288" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36gd-352p-n7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82196?format=api", "vulnerability_id": "VCID-3pwt-4j1y-dbg6", "summary": "ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.83945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84037", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84039", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.8404", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84065", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.83959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.83974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.83978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84001", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84007", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02086", "scoring_system": "epss", "scoring_elements": "0.84012", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html" }, { "reference_url": "https://tracker.ceph.com/issues/40018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://tracker.ceph.com/issues/40018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739292", "reference_id": "1739292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739292" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936015", "reference_id": "936015", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936015" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ceph:ceph:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ceph:ceph:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ceph:ceph:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ceph_storage:3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10222", "reference_id": "CVE-2019-10222", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2577", "reference_id": "RHSA-2019:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2579", "reference_id": "RHSA-2019:2579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2579" }, { "reference_url": "https://usn.ubuntu.com/4112-1/", "reference_id": "USN-4112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4112-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2019-10222" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwt-4j1y-dbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31711?format=api", "vulnerability_id": "VCID-4mk7-e67u-zkgy", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21741", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21906", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21959", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21802", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21858", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21773", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21744", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21597", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109", "reference_id": "1900109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985670", "reference_id": "985670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985670" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0081", "reference_id": "RHSA-2021:0081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0081" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1518", "reference_id": "RHSA-2021:1518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1518" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" }, { "reference_url": "https://usn.ubuntu.com/5128-1/", "reference_id": "USN-5128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-27781" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mk7-e67u-zkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81446?format=api", "vulnerability_id": "VCID-6kbn-psnc-q3cy", "summary": "ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51733", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51783", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51808", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51837", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51879", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51886", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51816", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51822", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827262", "reference_id": "1827262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1518", "reference_id": "RHSA-2021:1518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1518" }, { "reference_url": "https://usn.ubuntu.com/4528-1/", "reference_id": "USN-4528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4528-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-12059" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kbn-psnc-q3cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31710?format=api", "vulnerability_id": "VCID-7k2s-fmzx-a3d8", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02843", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02931", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02958", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04957", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04967", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05115", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0514", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05181", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25678" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109", "reference_id": "1892109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1452", "reference_id": "RHSA-2021:1452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1452" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-25678" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k2s-fmzx-a3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80282?format=api", "vulnerability_id": "VCID-9e77-3unf-r3hu", "summary": "ceph-dashboard: Cross-site scripting via token Cookie", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69323", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.6934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.6932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.6937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69386", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69393", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69379", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69417", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69428", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.6941", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69462", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.6947", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3509" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950116", "reference_id": "1950116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950116" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988888", "reference_id": "988888", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2445", "reference_id": "RHSA-2021:2445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2445" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" }, { "reference_url": "https://usn.ubuntu.com/5128-1/", "reference_id": "USN-5128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2021-3509" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9e77-3unf-r3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31706?format=api", "vulnerability_id": "VCID-a4u3-63ez-gfbc", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61026", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.6116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61181", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61176", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61179", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840744", "reference_id": "1840744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975300", "reference_id": "975300", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975300" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3003", "reference_id": "RHSA-2020:3003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3504", "reference_id": "RHSA-2020:3504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3505", "reference_id": "RHSA-2020:3505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3505" }, { "reference_url": "https://usn.ubuntu.com/4528-1/", "reference_id": "USN-4528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4528-1/" }, { "reference_url": "https://usn.ubuntu.com/4706-1/", "reference_id": "USN-4706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4706-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-10753" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4u3-63ez-gfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81667?format=api", "vulnerability_id": "VCID-gjne-rqt9-jqc5", "summary": "ceph: improper URL checking leads to information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82808", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82824", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82838", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82834", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82866", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82872", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82911", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.8291", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82913", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82934", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01822", "scoring_system": "epss", "scoring_elements": "0.82944", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792337", "reference_id": "1792337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792337" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949206", "reference_id": "949206", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-1699" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjne-rqt9-jqc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31708?format=api", "vulnerability_id": "VCID-kxvn-yjm8-3ygt", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57761", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57758", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57735", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57693", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57713", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812962", "reference_id": "1812962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812962" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956142", "reference_id": "956142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956142" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3003", "reference_id": "RHSA-2020:3003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3003" }, { "reference_url": "https://usn.ubuntu.com/4528-1/", "reference_id": "USN-4528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4528-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-1760" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxvn-yjm8-3ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81515?format=api", "vulnerability_id": "VCID-m5wq-1w2k-9khk", "summary": "ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56349", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56405", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56414", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.5639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56297", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56317", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330", "reference_id": "1901330", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985670", "reference_id": "985670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2445", "reference_id": "RHSA-2021:2445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2445" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-27839" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5wq-1w2k-9khk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81629?format=api", "vulnerability_id": "VCID-pp2v-1dp5-4bbd", "summary": "ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1700.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1700.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55484", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55651", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.5566", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.5564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55623", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55664", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55644", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55571", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55588", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791691", "reference_id": "1791691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791691" }, { "reference_url": "https://usn.ubuntu.com/4304-1/", "reference_id": "USN-4304-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4304-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-1700" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pp2v-1dp5-4bbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31707?format=api", "vulnerability_id": "VCID-qkp7-s947-ufcu", "summary": "Multiple vulnerabilities have been found in Ceph, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61314", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61469", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61479", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61483", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61454", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61391", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61419", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61389", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61435", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61451", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61472", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.6144", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1759" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1759" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811712", "reference_id": "1811712", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811712" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956139", "reference_id": "956139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956139" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1759", "reference_id": "CVE-2020-1759", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1759" }, { "reference_url": "https://security.gentoo.org/glsa/202105-39", "reference_id": "GLSA-202105-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2020-1759" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkp7-s947-ufcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80451?format=api", "vulnerability_id": "VCID-rukb-cwpx-q3hy", "summary": "gateway: radosgw: CRLF injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74942", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74945", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74949", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74995", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.75017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74996", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.74986", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.75022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.7503", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.75019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.75057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00857", "scoring_system": "epss", "scoring_elements": "0.75062", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951674", "reference_id": "1951674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951674" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988889", "reference_id": "988889", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1174", "reference_id": "RHSA-2022:1174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1174" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" }, { "reference_url": "https://usn.ubuntu.com/5128-1/", "reference_id": "USN-5128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5128-1/" }, { "reference_url": "https://usn.ubuntu.com/7706-1/", "reference_id": "USN-7706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7706-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2021-3524" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rukb-cwpx-q3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80284?format=api", "vulnerability_id": "VCID-zbwp-sfx4-xke7", "summary": "ceph: RGW unauthenticated denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49026", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49061", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49042", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49093", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4911", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49134", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.491", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49086", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3531" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326", "reference_id": "1955326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988890", "reference_id": "988890", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1174", "reference_id": "RHSA-2022:1174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1174" }, { "reference_url": "https://usn.ubuntu.com/4998-1/", "reference_id": "USN-4998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4998-1/" }, { "reference_url": "https://usn.ubuntu.com/5128-1/", "reference_id": "USN-5128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050150?format=api", "purl": "pkg:deb/debian/ceph@14.2.21-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bk-met9-qfc9" }, { "vulnerability": "VCID-1yz5-m9s7-nqdm" }, { "vulnerability": "VCID-47cr-h639-tqd4" }, { "vulnerability": "VCID-54nw-yq6d-2ueu" }, { "vulnerability": "VCID-5bgn-2pbq-6yd1" }, { "vulnerability": "VCID-nczx-qfyh-xubz" }, { "vulnerability": "VCID-r1ah-c6z7-vyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" } ], "aliases": [ "CVE-2021-3531" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbwp-sfx4-xke7" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1" }