Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/107002?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/107002?format=api", "purl": "pkg:rpm/redhat/tfm-rubygem-hammer_cli_katello@0.11.3.5-1?arch=el7sat", "type": "rpm", "namespace": "redhat", "name": "tfm-rubygem-hammer_cli_katello", "version": "0.11.3.5-1", "qualifiers": { "arch": "el7sat" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84374?format=api", "vulnerability_id": "VCID-18aq-72zg-3uc9", "summary": "puppet: Unsafe YAML deserialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.8313", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83201", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83147", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83191", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651", "reference_id": "1452651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212", "reference_id": "863212", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2295" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84050?format=api", "vulnerability_id": "VCID-1fgf-s31g-pfac", "summary": "foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36066", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36121", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35986", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36059", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480886", "reference_id": "1480886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480886" } ], "fixed_packages": [], "aliases": [ "CVE-2014-8183" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fgf-s31g-pfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85119?format=api", "vulnerability_id": "VCID-3j8j-qks5-m3ew", "summary": "foreman: privilege escalation through Organization and Locations API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34243", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34477", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3452", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34488", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889", "reference_id": "1339889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4451" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3j8j-qks5-m3ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84835?format=api", "vulnerability_id": "VCID-4d6e-mx3k-yqgk", "summary": "foreman: Information leak through organizations and locations feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54559", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54623", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54671", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54684", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54667", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54646", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386244", "reference_id": "1386244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386244" } ], "fixed_packages": [], "aliases": [ "CVE-2016-7078" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4d6e-mx3k-yqgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84821?format=api", "vulnerability_id": "VCID-6bhb-kgf4-abe7", "summary": "foreman: Stored XSS vulnerability in remote execution plugin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72843", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8613" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232", "reference_id": "1387232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8613" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bhb-kgf4-abe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7396?format=api", "vulnerability_id": "VCID-6hub-g2ja-afaw", "summary": "Information disclosure vulnerability\nsafemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.", "references": [ { "reference_url": "http://projects.theforeman.org/issues/14635", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.theforeman.org/issues/14635" }, { "reference_url": "http://rubysec.com/advisories/CVE-2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rubysec.com/advisories/CVE-2016-3693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72627", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72645", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.7257", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72571", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3693" }, { "reference_url": "http://seclists.org/oss-sec/2016/q2/119", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q2/119" }, { "reference_url": "https://github.com/svenfuchs/safemode", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/safemode" }, { "reference_url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f" }, { "reference_url": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2" }, { "reference_url": "http://theforeman.org/security.html#2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://theforeman.org/security.html#2016-3693" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/20/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471", "reference_id": "1327471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*", "reference_id": "cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*" }, { "reference_url": "http://rubysec.com/advisories/CVE-2016-3693/", "reference_id": "CVE-2016-3693", "reference_type": "", "scores": [], "url": "http://rubysec.com/advisories/CVE-2016-3693/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3693", "reference_id": "CVE-2016-3693", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3693" }, { "reference_url": "https://github.com/advisories/GHSA-c92m-rrrc-q5wf", "reference_id": "GHSA-c92m-rrrc-q5wf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c92m-rrrc-q5wf" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3693", "GHSA-c92m-rrrc-q5wf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hub-g2ja-afaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84672?format=api", "vulnerability_id": "VCID-6jdw-pp1b-1qan", "summary": "katello-debug: Possible symlink attacks due to use of predictable file names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12806", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12904", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12853", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1277", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406729", "reference_id": "1406729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406729" } ], "fixed_packages": [], "aliases": [ "CVE-2016-9595" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdw-pp1b-1qan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85226?format=api", "vulnerability_id": "VCID-7zj1-ye9x-cueu", "summary": "pulp: Leakage of CA key in pulp-qpid-ssl-cfg", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16863", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16648", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16723", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16666", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930", "reference_id": "1328930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3696" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7zj1-ye9x-cueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84472?format=api", "vulnerability_id": "VCID-8fnw-r4f3-xqcg", "summary": "foreman: Image password leak", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38794", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38893", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38945", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3892", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38927", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38949", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38879", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38931", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672" }, { "reference_url": "https://projects.theforeman.org/issues/19169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://projects.theforeman.org/issues/19169" }, { "reference_url": "http://www.securityfocus.com/bid/97526", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439537", "reference_id": "1439537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2672", "reference_id": "CVE-2017-2672", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2672" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2672" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fnw-r4f3-xqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10126?format=api", "vulnerability_id": "VCID-asqu-5r9h-9yav", "summary": "SQL Injection\nAn SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2018-14623" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33529", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33553", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33594", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33601", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33523", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3365", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623" }, { "reference_url": "https://github.com/Katello/katello", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Katello/katello" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml" }, { "reference_url": "https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224" }, { "reference_url": "http://www.securityfocus.com/bid/106224", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106224" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14623", "reference_id": "CVE-2018-14623", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14623" }, { "reference_url": "https://github.com/advisories/GHSA-527r-mfmj-prqf", "reference_id": "GHSA-527r-mfmj-prqf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-527r-mfmj-prqf" }, { "reference_url": "https://github.com/advisories/GHSA-jx5v-788g-qw58", "reference_id": "GHSA-jx5v-788g-qw58", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx5v-788g-qw58" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14623", "GHSA-jx5v-788g-qw58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asqu-5r9h-9yav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84945?format=api", "vulnerability_id": "VCID-avsj-f1g8-yfen", "summary": "foreman: Persistent XSS in Foreman remote execution plugin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72692", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72711", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72688", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.7274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72764", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72748", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72738", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365815", "reference_id": "1365815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365815" } ], "fixed_packages": [], "aliases": [ "CVE-2016-6319" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avsj-f1g8-yfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8854?format=api", "vulnerability_id": "VCID-bvrv-wvt6-8yfy", "summary": "Improper Certificate Validation\nHammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.", "references": [ { "reference_url": "http://projects.theforeman.org/issues/19033", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.theforeman.org/issues/19033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29538", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29535", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29564", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29442", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml" }, { "reference_url": "https://github.com/theforeman/hammer-cli-foreman", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/theforeman/hammer-cli-foreman" }, { "reference_url": "https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153" }, { "reference_url": "http://www.securityfocus.com/bid/97153", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/97153" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2667", "reference_id": "CVE-2017-2667", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2667" }, { "reference_url": "https://github.com/advisories/GHSA-77h8-xr85-3x5q", "reference_id": "GHSA-77h8-xr85-3x5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77h8-xr85-3x5q" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2667", "GHSA-77h8-xr85-3x5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvrv-wvt6-8yfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85049?format=api", "vulnerability_id": "VCID-cc8z-r1zy-23f2", "summary": "foreman: Information disclosure in provisioning template previews", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53142", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53166", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53206", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53243", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53226", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939", "reference_id": "1348939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4995" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cc8z-r1zy-23f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84797?format=api", "vulnerability_id": "VCID-dfb9-31gj-57fs", "summary": "foreman: Stored XSS in org/loc wizard", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55554", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55665", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55718", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55693", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8634" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520", "reference_id": "1391520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8634" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfb9-31gj-57fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6881?format=api", "vulnerability_id": "VCID-dh5x-wb2a-1ufj", "summary": "XSS vulnerabiliy in generated pagination links\nThe package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49086", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49076", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.582", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459" }, { "reference_url": "https://github.com/mislav/will_paginate", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mislav/will_paginate" }, { "reference_url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5" }, { "reference_url": "https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459" }, { "reference_url": "https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046642", "reference_id": "1046642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209", "reference_id": "733209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209" }, { "reference_url": "https://github.com/advisories/GHSA-8r6h-7x9g-xmw9", "reference_id": "GHSA-8r6h-7x9g-xmw9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r6h-7x9g-xmw9" } ], "fixed_packages": [], "aliases": [ "CVE-2013-6459", "GHSA-8r6h-7x9g-xmw9", "OSV-101138" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5x-wb2a-1ufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85050?format=api", "vulnerability_id": "VCID-dtva-ze8n-vycd", "summary": "foreman: inside discovery-debug, the root password is displayed in plaintext", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1211", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12169", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.121", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349136", "reference_id": "1349136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349136" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4996" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dtva-ze8n-vycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84840?format=api", "vulnerability_id": "VCID-e488-4fjn-z3g2", "summary": "foreman: Foreman information leak through unauthorized multiple_checkboxes helper", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48346", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48381", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48402", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48355", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.4841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48415", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385777", "reference_id": "1385777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385777" } ], "fixed_packages": [], "aliases": [ "CVE-2016-7077" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e488-4fjn-z3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84673?format=api", "vulnerability_id": "VCID-egve-f1uw-nfff", "summary": "foreman-debug: missing obfuscation of sensitive information", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44351", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44458", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44445", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44468", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44436", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9593" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406384", "reference_id": "1406384", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406384" } ], "fixed_packages": [], "aliases": [ "CVE-2016-9593" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egve-f1uw-nfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83664?format=api", "vulnerability_id": "VCID-kra9-9yr7-nbg6", "summary": "Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81637", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81649", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81671", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81669", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.817", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.81707", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15699" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512724", "reference_id": "1512724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512724" } ], "fixed_packages": [], "aliases": [ "CVE-2017-15699" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kra9-9yr7-nbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48265?format=api", "vulnerability_id": "VCID-p8ab-a4gk-eyd2", "summary": "Multiple vulnerabilities have been found in the Chromium web\n browser, the worst of which allows remote attackers to execute arbitrary\n code.", "references": [ { "reference_url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81796", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81861", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.8186", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81853", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669" }, { "reference_url": "https://codereview.chromium.org/1945313002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://codereview.chromium.org/1945313002" }, { "reference_url": "https://crbug.com/606115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://crbug.com/606115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3590", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "reference_url": "http://www.securityfocus.com/bid/90584", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90584" }, { "reference_url": "http://www.securitytracker.com/id/1035872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035872" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2960-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2960-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449", "reference_id": "1335449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669", "reference_id": "CVE-2016-1669", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669" }, { "reference_url": "https://security.gentoo.org/glsa/201605-02", "reference_id": "GLSA-201605-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1080", "reference_id": "RHSA-2016:1080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0879", "reference_id": "RHSA-2017:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0880", "reference_id": "RHSA-2017:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0881", "reference_id": "RHSA-2017:0881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0882", "reference_id": "RHSA-2017:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0882" }, { "reference_url": "https://usn.ubuntu.com/2960-1/", "reference_id": "USN-2960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2960-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-1669" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8ab-a4gk-eyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85202?format=api", "vulnerability_id": "VCID-ph9r-qphf-8fam", "summary": "pulp: Unsafe use of bash $RANDOM for NSS DB password and seed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67734", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67771", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67757", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.67724", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264", "reference_id": "1330264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3704" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ph9r-qphf-8fam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85150?format=api", "vulnerability_id": "VCID-sa68-rwqe-tfgp", "summary": "foreman: Stored XSS via organization/location with HTML in name", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8639", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68875", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68893", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68894", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68963", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68986", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68941", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8639" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393291", "reference_id": "1393291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393291" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8639" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sa68-rwqe-tfgp" } ], "fixing_vulnerabilities": [], "risk_score": "4.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-hammer_cli_katello@0.11.3.5-1%3Farch=el7sat" }