Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1074331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1074331?format=api", "purl": "pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1", "type": "deb", "namespace": "debian", "name": "openssh", "version": "1:6.6p1-4~bpo70+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:9.2p1-2+deb12u7", "latest_non_vulnerable_version": "1:9.2p1-2+deb12u7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28443?format=api", "vulnerability_id": "VCID-124c-8gmd-xfb7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10984", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11013", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11047", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576", "reference_id": "1132576", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454490", "reference_id": "2454490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454490" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12389", "reference_id": "RHSA-2026:12389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13380", "reference_id": "RHSA-2026:13380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13381", "reference_id": "RHSA-2026:13381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13383", "reference_id": "RHSA-2026:13383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16059", "reference_id": "RHSA-2026:16059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19069", "reference_id": "RHSA-2026:19069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19219", "reference_id": "RHSA-2026:19219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21298", "reference_id": "RHSA-2026:21298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21398", "reference_id": "RHSA-2026:21398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22564", "reference_id": "RHSA-2026:22564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22648", "reference_id": "RHSA-2026:22648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://usn.ubuntu.com/8222-1/", "reference_id": "USN-8222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-35414" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-124c-8gmd-xfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15670?format=api", "vulnerability_id": "VCID-1k3j-b43t-ckgx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98474", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.64352", "scoring_system": "epss", "scoring_elements": "0.98468", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.66852", "scoring_system": "epss", "scoring_elements": "0.98576", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460", "reference_id": "1042460", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/20/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" }, { "reference_url": "https://security.gentoo.org/glsa/202307-01", "reference_id": "202307-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://security.gentoo.org/glsa/202307-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224173", "reference_id": "2224173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224173" }, { "reference_url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8", "reference_id": "7bc29a9d5cd697290aa056e94ecee6253d3425f8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/", "reference_id": "CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" }, { "reference_url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent", "reference_id": "cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408", "reference_id": "exploring-opensshs-agent-forwarding-rce-cve-2023-38408", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408" }, { "reference_url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d", "reference_id": "f03a4faa55c4ce0818324701dadbf91988d7351d", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" }, { "reference_url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca", "reference_id": "f8f5a6b003981bb824329dc987d101977beda7ca", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" }, { "reference_url": "https://support.apple.com/kb/HT213940", "reference_id": "HT213940", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://support.apple.com/kb/HT213940" }, { "reference_url": "https://news.ycombinator.com/item?id=36790196", "reference_id": "item?id=36790196", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://news.ycombinator.com/item?id=36790196" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0010/", "reference_id": "ntap-20230803-0010", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" }, { "reference_url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", "reference_id": "OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/", "reference_id": "RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" }, { "reference_url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt", "reference_id": "rce-openssh-forwarded-ssh-agent.txt", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" }, { "reference_url": "https://www.openssh.com/txt/release-9.3p2", "reference_id": "release-9.3p2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.openssh.com/txt/release-9.3p2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4329", "reference_id": "RHSA-2023:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4381", "reference_id": "RHSA-2023:4381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4382", "reference_id": "RHSA-2023:4382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4383", "reference_id": "RHSA-2023:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4384", "reference_id": "RHSA-2023:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4412", "reference_id": "RHSA-2023:4412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4413", "reference_id": "RHSA-2023:4413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4419", "reference_id": "RHSA-2023:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4428", "reference_id": "RHSA-2023:4428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4889", "reference_id": "RHSA-2023:4889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4889" }, { "reference_url": "https://www.openssh.com/security.html", "reference_id": "security.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/" } ], "url": "https://www.openssh.com/security.html" }, { "reference_url": "https://usn.ubuntu.com/6242-1/", "reference_id": "USN-6242-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6242-1/" }, { "reference_url": "https://usn.ubuntu.com/6242-2/", "reference_id": "USN-6242-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6242-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-38408" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k3j-b43t-ckgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207672?format=api", "vulnerability_id": "VCID-29b1-zcfn-1be6", "summary": "The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76907", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76979", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76993", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76986", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854145", "reference_id": "1854145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854145" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12062" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29b1-zcfn-1be6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25794?format=api", "vulnerability_id": "VCID-358j-tvz2-dbau", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01864", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01878", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01868", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01866", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529", "reference_id": "1117529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960", "reference_id": "2401960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5475", "reference_id": "RHSA-2026:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5475" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-61984" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-358j-tvz2-dbau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28439?format=api", "vulnerability_id": "VCID-3ky7-2mqj-q7gh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12364", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12444", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12463", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12456", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573", "reference_id": "1132573", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454506", "reference_id": "2454506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454506" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12389", "reference_id": "RHSA-2026:12389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13380", "reference_id": "RHSA-2026:13380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13381", "reference_id": "RHSA-2026:13381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13383", "reference_id": "RHSA-2026:13383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16059", "reference_id": "RHSA-2026:16059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19069", "reference_id": "RHSA-2026:19069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19219", "reference_id": "RHSA-2026:19219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21298", "reference_id": "RHSA-2026:21298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21398", "reference_id": "RHSA-2026:21398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22564", "reference_id": "RHSA-2026:22564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22648", "reference_id": "RHSA-2026:22648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://usn.ubuntu.com/8222-1/", "reference_id": "USN-8222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-35386" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ky7-2mqj-q7gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/961?format=api", "vulnerability_id": "VCID-3rbw-3649-xkgw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02368", "scoring_system": "epss", "scoring_elements": "0.85295", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02368", "scoring_system": "epss", "scoring_elements": "0.85347", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02368", "scoring_system": "epss", "scoring_elements": "0.85356", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02368", "scoring_system": "epss", "scoring_elements": "0.85348", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1034705", "reference_id": "1034705", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://www.securitytracker.com/id/1034705" }, { "reference_url": "http://openwall.com/lists/oss-security/2016/01/15/13", "reference_id": "13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://openwall.com/lists/oss-security/2016/01/15/13" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "201612-18", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "http://www.securityfocus.com/bid/84427", "reference_id": "84427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://www.securityfocus.com/bid/84427" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c", "reference_id": "?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "linuxbulletinapr2016-2952096.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://www.openssh.com/txt/release-7.2", "reference_id": "release-7.2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://www.openssh.com/txt/release-7.2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0465", "reference_id": "RHSA-2016:0465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0465" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html", "reference_id": "RHSA-2016-0465.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html", "reference_id": "RHSA-2016-0741.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741", "reference_id": "show_bug.cgi?id=1298741", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-1908" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rbw-3649-xkgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28441?format=api", "vulnerability_id": "VCID-51qb-g51q-b3fd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04497", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04477", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04483", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04498", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575", "reference_id": "1132575", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454500", "reference_id": "2454500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454500" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12389", "reference_id": "RHSA-2026:12389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13380", "reference_id": "RHSA-2026:13380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13381", "reference_id": "RHSA-2026:13381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13383", "reference_id": "RHSA-2026:13383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16059", "reference_id": "RHSA-2026:16059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19069", "reference_id": "RHSA-2026:19069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19219", "reference_id": "RHSA-2026:19219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21298", "reference_id": "RHSA-2026:21298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21398", "reference_id": "RHSA-2026:21398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22564", "reference_id": "RHSA-2026:22564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22648", "reference_id": "RHSA-2026:22648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://usn.ubuntu.com/8222-1/", "reference_id": "USN-8222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-35388" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51qb-g51q-b3fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5347?format=api", "vulnerability_id": "VCID-59xb-y4z9-pbfp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87694", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87651", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.877", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03377", "scoring_system": "epss", "scoring_elements": "0.87697", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/106531", "reference_id": "106531", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "http://www.securityfocus.com/bid/106531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665785", "reference_id": "1665785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665785" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "201903-16", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://security.gentoo.org/glsa/202007-53", "reference_id": "202007-53", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "3885-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://usn.ubuntu.com/3885-1/" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", "reference_id": "6010c0303a422a9c5fa8860c061bf7105eb7f8b2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101", "reference_id": "919101", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "cpuapr2019-5072813.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "cpuoct2019-5072832.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4387", "reference_id": "dsa-4387", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190215-0001/", "reference_id": "ntap-20190215-0001", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", "reference_id": "scp.c.diff?r1=1.197&r2=1.198&f=h", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h" }, { "reference_url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "reference_id": "scp-client-multiple-vulnerabilities.txt", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2018-20685" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59xb-y4z9-pbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/158795?format=api", "vulnerability_id": "VCID-6c6q-52re-zqdc", "summary": "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27824", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27608", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27809", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27834", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/08/22/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/08/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252844", "reference_id": "1252844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252844" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html", "reference_id": "165170.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "201512-04", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/Aug/54", "reference_id": "54", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://seclists.org/fulldisclosure/2015/Aug/54" }, { "reference_url": "http://www.securityfocus.com/bid/76317", "reference_id": "76317", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.securityfocus.com/bid/76317" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711", "reference_id": "795711", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711" }, { "reference_url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766", "reference_id": "brocade-security-advisory-2019-766", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "bulletinjan2016-2867206.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b", "reference_id": "d4697fe9a28dab7255c60433e4dd23cf7fce8a8b", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b" }, { "reference_url": "https://support.apple.com/HT205375", "reference_id": "HT205375", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://support.apple.com/HT205375" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "linuxbulletinapr2016-2952096.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "linuxbulletinoct2015-2719645.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180201-0002/", "reference_id": "ntap-20180201-0002", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180201-0002/" }, { "reference_url": "http://www.openssh.com/txt/release-7.0", "reference_id": "release-7.0", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://www.openssh.com/txt/release-7.0" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html", "reference_id": "RHSA-2016-0741.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-6563" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6q-52re-zqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16078?format=api", "vulnerability_id": "VCID-6ft3-n7d1-53h3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51662", "scoring_system": "epss", "scoring_elements": "0.97963", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.51662", "scoring_system": "epss", "scoring_elements": "0.97964", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.51662", "scoring_system": "epss", "scoring_elements": "0.97965", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.52998", "scoring_system": "epss", "scoring_elements": "0.98016", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" }, { "reference_url": "https://github.com/warp-tech/russh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh" }, { "reference_url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" }, { "reference_url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://go.dev/cl/550715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/550715" }, { "reference_url": "https://go.dev/issue/64784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/64784" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://help.panic.com/releasenotes/transmit5" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.netsarang.com/en/xshell-update-history" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001", "reference_id": "1059001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002", "reference_id": "1059002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003", "reference_id": "1059003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004", "reference_id": "1059004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005", "reference_id": "1059005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006", "reference_id": "1059006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007", "reference_id": "1059007", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058", "reference_id": "1059058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144", "reference_id": "1059144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290", "reference_id": "1059290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294", "reference_id": "1059294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294" }, { "reference_url": "https://github.com/libssh2/libssh2/pull/1291", "reference_id": "1291", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "reference_url": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "reference_id": "165", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "reference_url": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "reference_id": "1736774389725565005", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "reference_url": "https://security.gentoo.org/glsa/202312-16", "reference_id": "202312-16", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-17", "reference_id": "202312-17", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Mar/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "reference_id": "2189", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "reference_url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "reference_id": "2.2.21...2.2.22", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337", "reference_id": "2337", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "reference_url": "https://github.com/NixOS/nixpkgs/pull/275249", "reference_id": "275249", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "reference_id": "33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "reference_id": "3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "reference_id": "3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "reference_id": "3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "reference_url": "https://github.com/apache/mina-sshd/issues/445", "reference_id": "445", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "reference_url": "https://github.com/proftpd/proftpd/issues/456", "reference_id": "456", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "reference_url": "https://github.com/mwiede/jsch/issues/457", "reference_id": "457", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "reference_url": "https://github.com/mwiede/jsch/pull/461", "reference_id": "461", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "reference_url": "https://github.com/cyd01/KiTTY/issues/520", "reference_id": "520", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "reference_url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "reference_id": "5c8b534f6e97db7ac0e0e579331213aa25c173ab", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "reference_id": "6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "reference_id": "7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/17/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "reference_url": "https://github.com/janmojzis/tinyssh/issues/81", "reference_id": "81", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "reference_url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "reference_id": "8e972c5e94b460379fe0c7d20209c16df81538a5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "reference_url": "https://github.com/hierynomus/sshj/issues/916", "reference_id": "916", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "reference_url": "https://bugs.gentoo.org/920280", "reference_id": "920280", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugs.gentoo.org/920280" }, { "reference_url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "reference_id": "97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "reference_url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "reference_id": "9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "reference_url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "reference_id": "allgemeine-sicherheitshinweise#c243508", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "reference_id": "APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "reference_id": "BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "reference_id": "C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "reference_url": "https://oryx-embedded.com/download/#changelog", "reference_id": "#changelog", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://oryx-embedded.com/download/#changelog" }, { "reference_url": "https://www.paramiko.org/changelog.html", "reference_id": "changelog.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.paramiko.org/changelog.html" }, { "reference_url": "https://matt.ucc.asn.au/dropbear/CHANGES", "reference_id": "CHANGES", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "reference_url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "reference_id": "changes.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "reference_url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "reference_id": "CHANGES#L25", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "reference_url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "reference_id": "changes.rst", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "reference_url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "reference_id": "CHANGES.txt#L14-L16", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "reference_id": "CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2023-48795", "reference_id": "cve-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "reference_url": "https://ubuntu.com/security/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "reference_id": "cve-2023-48795-and-sftp-gateway", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "reference_id": "cve202348795_why_is_this_cve_still_undisclosed", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "reference_url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "reference_id": "D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5586", "reference_id": "dsa-5586", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5588", "reference_id": "dsa-5588", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "reference_id": "F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "reference_id": "FreeBSD-SA-23:19.openssh.asc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "reference_url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "reference_id": "GHSA-45x7-px36-x8w8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://security.gentoo.org/glsa/202407-11", "reference_id": "GLSA-202407-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-11" }, { "reference_url": "https://security.gentoo.org/glsa/202407-12", "reference_id": "GLSA-202407-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-12" }, { "reference_url": "https://security.gentoo.org/glsa/202509-06", "reference_id": "GLSA-202509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-06" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "reference_id": "hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "reference_url": "https://winscp.net/eng/docs/history#6.2.2", "reference_id": "history#6.2.2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "reference_url": "https://www.vandyke.com/products/securecrt/history.txt", "reference_id": "history.txt", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "reference_url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "reference_id": "?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "reference_url": "https://support.apple.com/kb/HT214084", "reference_id": "HT214084", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://support.apple.com/kb/HT214084" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "reference_id": "HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "reference_id": "I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "reference_id": "important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "reference_url": "https://news.ycombinator.com/item?id=38684904", "reference_id": "item?id=38684904", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "reference_url": "https://news.ycombinator.com/item?id=38685286", "reference_id": "item?id=38685286", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "reference_url": "https://news.ycombinator.com/item?id=38732005", "reference_id": "item?id=38732005", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "reference_url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "reference_id": "jsch-0.2.14...jsch-0.2.15", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "reference_id": "KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "reference_id": "KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "reference_id": "L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/libssh2", "reference_id": "libssh2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "reference_id": "LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "reference_url": "https://github.com/openssh/openssh-portable/commits/master", "reference_id": "master", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "reference_id": "MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "reference_id": "-n5WqVC18LQ", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "reference_url": "https://roumenpetrov.info/secsh/#news20231220", "reference_id": "#news20231220", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "reference_url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "reference_id": "notes.xml#L39-L42", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004/", "reference_id": "ntap-20240105-0004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "reference_url": "https://www.openssh.com/openbsd.html", "reference_id": "openbsd.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/openbsd.html" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "reference_id": "OTP-26.2.1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "reference_id": "proftpd-dfsg", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "reference_id": "qA3XtxvMUyg", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "reference_id": "QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "reference_url": "https://www.openssh.com/txt/release-9.6", "reference_id": "release-9.6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/txt/release-9.6" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "reference_id": "RELEASE_NOTES", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "reference_id": "RELEASE_NOTES", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "reference_id": "RELEASE_NOTES", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "reference_url": "https://github.com/rapier1/hpn-ssh/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7197", "reference_id": "RHSA-2023:7197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7198", "reference_id": "RHSA-2023:7198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7201", "reference_id": "RHSA-2023:7201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0040", "reference_id": "RHSA-2024:0040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0041", "reference_id": "RHSA-2024:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0499", "reference_id": "RHSA-2024:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0538", "reference_id": "RHSA-2024:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0625", "reference_id": "RHSA-2024:0625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0628", "reference_id": "RHSA-2024:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0766", "reference_id": "RHSA-2024:0766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0789", "reference_id": "RHSA-2024:0789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0843", "reference_id": "RHSA-2024:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0880", "reference_id": "RHSA-2024:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0954", "reference_id": "RHSA-2024:0954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1150", "reference_id": "RHSA-2024:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1192", "reference_id": "RHSA-2024:1192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1193", "reference_id": "RHSA-2024:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1194", "reference_id": "RHSA-2024:1194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1196", "reference_id": "RHSA-2024:1196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1197", "reference_id": "RHSA-2024:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1210", "reference_id": "RHSA-2024:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1557", "reference_id": "RHSA-2024:1557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1674", "reference_id": "RHSA-2024:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1675", "reference_id": "RHSA-2024:1675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1676", "reference_id": "RHSA-2024:1676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1677", "reference_id": "RHSA-2024:1677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1859", "reference_id": "RHSA-2024:1859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2728", "reference_id": "RHSA-2024:2728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2735", "reference_id": "RHSA-2024:2735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2768", "reference_id": "RHSA-2024:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2988", "reference_id": "RHSA-2024:2988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3479", "reference_id": "RHSA-2024:3479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3634", "reference_id": "RHSA-2024:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3635", "reference_id": "RHSA-2024:3635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3636", "reference_id": "RHSA-2024:3636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3718", "reference_id": "RHSA-2024:3718", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3718" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3918", "reference_id": "RHSA-2024:3918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4010", "reference_id": "RHSA-2024:4010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4151", "reference_id": "RHSA-2024:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4329", "reference_id": "RHSA-2024:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4479", "reference_id": "RHSA-2024:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4484", "reference_id": "RHSA-2024:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4597", "reference_id": "RHSA-2024:4597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4613", "reference_id": "RHSA-2024:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4662", "reference_id": "RHSA-2024:4662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4955", "reference_id": "RHSA-2024:4955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4959", "reference_id": "RHSA-2024:4959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4960", "reference_id": "RHSA-2024:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5200", "reference_id": "RHSA-2024:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5432", "reference_id": "RHSA-2024:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5433", "reference_id": "RHSA-2024:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5438", "reference_id": "RHSA-2024:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6406", "reference_id": "RHSA-2024:6406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4664", "reference_id": "RHSA-2025:4664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4664" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "reference_id": "show_bug.cgi?id=1217950", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "reference_id": "show_bug.cgi?id=2254210", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "reference_id": "SNWLID-2024-0002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "reference_url": "https://www.bitvise.com/ssh-client-version-history#933", "reference_id": "ssh-client-version-history#933", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "reference_url": "https://www.bitvise.com/ssh-server-version-history", "reference_id": "ssh-server-version-history", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "reference_id": "suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "reference_url": "https://github.com/ronf/asyncssh/tags", "reference_id": "tags", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/tags" }, { "reference_url": "https://gitlab.com/libssh/libssh-mirror/-/tags", "reference_id": "tags", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "reference_url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "reference_id": "terrapin_attack_ssh", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "reference_url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "reference_id": "terrapin-ssh-attack", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "reference_url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "reference_id": "Terrapin-SSH-Connection-Weakening.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5/", "reference_id": "transmit5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "reference_id": "trilead-ssh2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "reference_url": "https://usn.ubuntu.com/6560-1/", "reference_id": "USN-6560-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-1/" }, { "reference_url": "https://usn.ubuntu.com/6560-2/", "reference_id": "USN-6560-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-2/" }, { "reference_url": "https://usn.ubuntu.com/6561-1/", "reference_id": "USN-6561-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6561-1/" }, { "reference_url": "https://usn.ubuntu.com/6585-1/", "reference_id": "USN-6585-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6585-1/" }, { "reference_url": "https://usn.ubuntu.com/6589-1/", "reference_id": "USN-6589-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6589-1/" }, { "reference_url": "https://usn.ubuntu.com/6598-1/", "reference_id": "USN-6598-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6598-1/" }, { "reference_url": "https://usn.ubuntu.com/6738-1/", "reference_id": "USN-6738-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6738-1/" }, { "reference_url": "https://usn.ubuntu.com/7051-1/", "reference_id": "USN-7051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7051-1/" }, { "reference_url": "https://usn.ubuntu.com/7292-1/", "reference_id": "USN-7292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7292-1/" }, { "reference_url": "https://usn.ubuntu.com/7297-1/", "reference_id": "USN-7297-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7297-1/" }, { "reference_url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "reference_id": "v0.40.2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "reference_url": "https://nova.app/releases/#v11.8", "reference_id": "#v11.8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nova.app/releases/#v11.8" }, { "reference_url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "reference_id": "v2.5.6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "reference_id": "v5.1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "reference_id": "v9.5.0.0p1-Beta", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "reference_url": "https://crates.io/crates/thrussh/versions", "reference_id": "versions", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://crates.io/crates/thrussh/versions" }, { "reference_url": "https://filezilla-project.org/versions.php", "reference_id": "versions.php", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://filezilla-project.org/versions.php" }, { "reference_url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "reference_id": "Wiki.jsp?page=Update", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "reference_url": "https://www.terrapin-attack.com", "reference_id": "www.terrapin-attack.com", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.terrapin-attack.com" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history/", "reference_id": "xshell-update-history", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.netsarang.com/en/xshell-update-history/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-48795", "GHSA-45x7-px36-x8w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ft3-n7d1-53h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2011?format=api", "vulnerability_id": "VCID-8mhg-d4md-sbd7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31178", "scoring_system": "epss", "scoring_elements": "0.96887", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.31178", "scoring_system": "epss", "scoring_elements": "0.96876", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.31178", "scoring_system": "epss", "scoring_elements": "0.96889", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.31178", "scoring_system": "epss", "scoring_elements": "0.9689", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig", "reference_id": "013_ssh_kexinit.patch.sig", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/1" }, { "reference_url": "http://www.securitytracker.com/id/1037057", "reference_id": "1037057", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://www.securitytracker.com/id/1037057" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "201612-18", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/19/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/19/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884", "reference_id": "841884", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884" }, { "reference_url": "http://www.securityfocus.com/bid/93776", "reference_id": "93776", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://www.securityfocus.com/bid/93776" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad", "reference_id": "ec165c392ca54317dbe3064a8c200de6531e89ad", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc", "reference_id": "FreeBSD-SA-16:33.openssh.asc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h", "reference_id": "kex.c.diff?r1=1.126&r2=1.127&f=h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180201-0001/", "reference_id": "ntap-20180201-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180201-0001/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860", "reference_id": "show_bug.cgi?id=1384860", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup", "reference_id": "x-cvsweb-markup", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-8858" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mhg-d4md-sbd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23351?format=api", "vulnerability_id": "VCID-98ft-mftn-mfcu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.61222", "scoring_system": "epss", "scoring_elements": "0.98353", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.61222", "scoring_system": "epss", "scoring_elements": "0.98346", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.61222", "scoring_system": "epss", "scoring_elements": "0.98352", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://seclists.org/oss-sec/2025/q1/144", "reference_id": "144", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://seclists.org/oss-sec/2025/q1/144" }, { "reference_url": "https://access.redhat.com/solutions/7109879", "reference_id": "7109879", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/solutions/7109879" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-26465", "reference_id": "CVE-2025-26465", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-26465" }, { "reference_url": "https://security.gentoo.org/glsa/202502-01", "reference_id": "GLSA-202502-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202502-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16823", "reference_id": "RHSA-2025:16823", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3837", "reference_id": "RHSA-2025:3837", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6993", "reference_id": "RHSA-2025:6993", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780", "reference_id": "show_bug.cgi?id=2344780", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780" }, { "reference_url": "https://usn.ubuntu.com/7270-1/", "reference_id": "USN-7270-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-1/" }, { "reference_url": "https://usn.ubuntu.com/7270-2/", "reference_id": "USN-7270-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-26465" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98ft-mftn-mfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/158776?format=api", "vulnerability_id": "VCID-9ycf-2n8g-tyg6", "summary": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.78359", "scoring_system": "epss", "scoring_elements": "0.99056", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.78359", "scoring_system": "epss", "scoring_elements": "0.99052", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600" }, { "reference_url": "http://www.securitytracker.com/id/1032988", "reference_id": "1032988", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.securitytracker.com/id/1032988" }, { "reference_url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12", "reference_id": "1174-security-advisory-12", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245969", "reference_id": "1245969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245969" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html", "reference_id": "162955.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html", "reference_id": "165170.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "201512-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/23/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://openwall.com/lists/oss-security/2015/07/23/4" }, { "reference_url": "http://www.securityfocus.com/bid/75990", "reference_id": "75990", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.securityfocus.com/bid/75990" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616", "reference_id": "793616", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616" }, { "reference_url": "http://www.securityfocus.com/bid/91787", "reference_id": "91787", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.securityfocus.com/bid/91787" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/Jul/92", "reference_id": "92", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://seclists.org/fulldisclosure/2015/Jul/92" }, { "reference_url": "http://www.securityfocus.com/bid/92012", "reference_id": "92012", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.securityfocus.com/bid/92012" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c", "reference_id": "auth2-chall.c", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h", "reference_id": "auth2-chall.c.diff?r1=1.42&r2=1.43&f=h", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "bulletinoct2015-2511968.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "reference_id": "cpujul2016-2881720.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "cpujul2018-4258247.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480", "reference_id": "docDisplay?docId=emr_na-c04952480", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992", "reference_id": "docDisplay?docId=emr_na-c05128992", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", "reference_id": "docDisplay?docId=emr_na-c05157667", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" }, { "reference_url": "https://support.apple.com/kb/HT205031", "reference_id": "HT205031", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://support.apple.com/kb/HT205031" }, { "reference_url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697", "reference_id": "index?page=content&id=JSA10697", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10136", "reference_id": "index?page=content&id=SB10136", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10136" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10157", "reference_id": "index?page=content&id=SB10157", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10157" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "linuxbulletinapr2016-2952096.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "linuxbulletinoct2015-2719645.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20151106-0001/", "reference_id": "ntap-20151106-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20151106-0001/" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "reference_id": "ovmbulletinjul2016-3090546.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0466", "reference_id": "RHSA-2016:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0466" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html", "reference_id": "RHSA-2016-0466.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://usn.ubuntu.com/2710-1/", "reference_id": "USN-2710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2710-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2710-1", "reference_id": "USN-2710-1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2710-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2710-2", "reference_id": "USN-2710-2", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2710-2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-5600" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ycf-2n8g-tyg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/186051?format=api", "vulnerability_id": "VCID-amga-n7sa-zket", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of\n which could lead to arbitrary code execution, or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.9033", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90359", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90368", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0539", "scoring_system": "epss", "scoring_elements": "0.90367", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238231", "reference_id": "1238231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798", "reference_id": "790798", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "https://usn.ubuntu.com/2710-1/", "reference_id": "USN-2710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-5352" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amga-n7sa-zket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1710?format=api", "vulnerability_id": "VCID-b8pn-bg8e-vyca", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77091", "scoring_system": "epss", "scoring_elements": "0.98989", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.77091", "scoring_system": "epss", "scoring_elements": "0.98993", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.77091", "scoring_system": "epss", "scoring_elements": "0.98994", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364935", "reference_id": "1364935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823", "reference_id": "833823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py", "reference_id": "CVE-2016-6515", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://usn.ubuntu.com/3061-1/", "reference_id": "USN-3061-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3061-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-6515" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8pn-bg8e-vyca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/771?format=api", "vulnerability_id": "VCID-bnpz-2y49-33cy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24907", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25106", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2511", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25124", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1037490", "reference_id": "1037490", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "http://www.securitytracker.com/id/1037490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406278", "reference_id": "1406278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406278" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/12/19/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" }, { "reference_url": "https://www.exploit-db.com/exploits/40962/", "reference_id": "40962", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://www.exploit-db.com/exploits/40962/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715", "reference_id": "848715", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715" }, { "reference_url": "http://www.securityfocus.com/bid/94972", "reference_id": "94972", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "http://www.securityfocus.com/bid/94972" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce", "reference_id": "c76fac666ea038753294f2ac94d310f8adece9ce", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010", "reference_id": "CVE-2016-10010", "reference_type": "exploit", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt", "reference_id": "CVE-2016-10010", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_id": "display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc", "reference_id": "FreeBSD-SA-17:01.openssh.asc", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171130-0002/", "reference_id": "ntap-20171130-0002", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" }, { "reference_url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html", "reference_id": "OpenSSH-Local-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_id": "viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/" } ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10010" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnpz-2y49-33cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28440?format=api", "vulnerability_id": "VCID-c2p7-27z7-5ffc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19253", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19422", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574", "reference_id": "1132574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454494", "reference_id": "2454494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454494" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12389", "reference_id": "RHSA-2026:12389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13380", "reference_id": "RHSA-2026:13380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13381", "reference_id": "RHSA-2026:13381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13383", "reference_id": "RHSA-2026:13383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16059", "reference_id": "RHSA-2026:16059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19069", "reference_id": "RHSA-2026:19069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19219", "reference_id": "RHSA-2026:19219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21298", "reference_id": "RHSA-2026:21298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21398", "reference_id": "RHSA-2026:21398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22564", "reference_id": "RHSA-2026:22564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22648", "reference_id": "RHSA-2026:22648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://usn.ubuntu.com/8222-1/", "reference_id": "USN-8222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-35387" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2p7-27z7-5ffc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10116?format=api", "vulnerability_id": "VCID-cm2c-arkw-audk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5111", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5124", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51253", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51241", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291", "reference_id": "2008291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130", "reference_id": "995130", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130" }, { "reference_url": "https://security.archlinux.org/AVG-2422", "reference_id": "AVG-2422", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4782", "reference_id": "RHSA-2021:4782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2013", "reference_id": "RHSA-2022:2013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2013" }, { "reference_url": "https://usn.ubuntu.com/5666-1/", "reference_id": "USN-5666-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5666-1/" }, { "reference_url": "https://usn.ubuntu.com/6565-1/", "reference_id": "USN-6565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2021-41617" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm2c-arkw-audk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3082?format=api", "vulnerability_id": "VCID-d3f4-y8af-cbap", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.86171", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.86111", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.86161", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.86173", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15906" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/101552", "reference_id": "101552", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "http://www.securityfocus.com/bid/101552" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506630", "reference_id": "1506630", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506630" }, { "reference_url": "https://security.gentoo.org/glsa/201801-05", "reference_id": "201801-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://security.gentoo.org/glsa/201801-05" }, { "reference_url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", "reference_id": "a6981567e8e215acc1ef690c8dbb30f2d9b00a19", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "cpujan2020.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180423-0004/", "reference_id": "ntap-20180423-0004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180423-0004/" }, { "reference_url": "https://www.openssh.com/txt/release-7.6", "reference_id": "release-7.6", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://www.openssh.com/txt/release-7.6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0980", "reference_id": "RHSA-2018:0980", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0980" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2017-15906" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3f4-y8af-cbap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/529?format=api", "vulnerability_id": "VCID-dk18-vmt4-6yar", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23308", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23317", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2333", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23542", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1036487", "reference_id": "1036487", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "http://www.securitytracker.com/id/1036487" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "201612-18", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "http://www.securityfocus.com/bid/86187", "reference_id": "86187", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "http://www.securityfocus.com/bid/86187" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2015-8325", "reference_id": "CVE-2015-8325", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html", "reference_id": "CVE-2015-8325.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3550", "reference_id": "dsa-3550", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3550" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755", "reference_id": "?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180628-0001/", "reference_id": "ntap-20180628-0001", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180628-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2588", "reference_id": "RHSA-2016:2588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2588" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html", "reference_id": "RHSA-2016-2588.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0641", "reference_id": "RHSA-2017:0641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0641" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html", "reference_id": "RHSA-2017-0641.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012", "reference_id": "show_bug.cgi?id=1328012", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074333?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-8325" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk18-vmt4-6yar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/772?format=api", "vulnerability_id": "VCID-dscc-v22m-uyab", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03198", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03186", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03182", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03195", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1037490", "reference_id": "1037490", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "http://www.securitytracker.com/id/1037490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406286", "reference_id": "1406286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406286" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/12/19/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716", "reference_id": "848716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716" }, { "reference_url": "http://www.securityfocus.com/bid/94977", "reference_id": "94977", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "http://www.securityfocus.com/bid/94977" }, { "reference_url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9", "reference_id": "ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_id": "display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171130-0002/", "reference_id": "ntap-20171130-0002", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf", "reference_id": "ssa-676336.pdf", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf" }, { "reference_url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_id": "viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/" } ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10011" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dscc-v22m-uyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4862?format=api", "vulnerability_id": "VCID-e2cy-pzgk-9ucu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.9962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.90356", "scoring_system": "epss", "scoring_elements": "0.99621", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1041487", "reference_id": "1041487", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.securitytracker.com/id/1041487" }, { "reference_url": "http://www.securityfocus.com/bid/105140", "reference_id": "105140", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.securityfocus.com/bid/105140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063", "reference_id": "1619063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063" }, { "reference_url": "https://security.gentoo.org/glsa/201810-03", "reference_id": "201810-03", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://security.gentoo.org/glsa/201810-03" }, { "reference_url": "https://usn.ubuntu.com/3809-1/", "reference_id": "3809-1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://usn.ubuntu.com/3809-1/" }, { "reference_url": "https://www.exploit-db.com/exploits/45210/", "reference_id": "45210", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45210/" }, { "reference_url": "https://www.exploit-db.com/exploits/45233/", "reference_id": "45233", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45233/" }, { "reference_url": "https://www.exploit-db.com/exploits/45939/", "reference_id": "45939", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.exploit-db.com/exploits/45939/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2018/08/15/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { "reference_url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "reference_id": "779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "reference_url": "https://bugs.debian.org/906236", "reference_id": "906236", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://bugs.debian.org/906236" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236", "reference_id": "906236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236" }, { "reference_url": "https://security.archlinux.org/AVG-763", "reference_id": "AVG-763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-763" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "cpujan2020.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://bugfuzz.com/stuff/ssh-check-username.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://bugfuzz.com/stuff/ssh-check-username.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py", "reference_id": "CVE-2018-15473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4280", "reference_id": "dsa-4280", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4280" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181101-0001/", "reference_id": "ntap-20181101-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0711", "reference_id": "RHSA-2019:0711", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2143", "reference_id": "RHSA-2019:2143", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2143" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", "reference_id": "SNWLID-2018-0011", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2018-15473" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2cy-pzgk-9ucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/890?format=api", "vulnerability_id": "VCID-eens-u1sp-17em", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.87184", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.87178", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.87132", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0312", "scoring_system": "epss", "scoring_elements": "0.87181", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/102780", "reference_id": "102780", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "http://www.securityfocus.com/bid/102780" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537929", "reference_id": "1537929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537929" }, { "reference_url": "https://usn.ubuntu.com/3809-1/", "reference_id": "3809-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://usn.ubuntu.com/3809-1/" }, { "reference_url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html", "reference_id": "fuzzing-tcp-servers.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html" }, { "reference_url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737", "reference_id": "?id=28652bca29046f62c7045e933e6b931de1d16737", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", "reference_id": "index?page=content&id=SB10284", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { "reference_url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "K32485746?utm_source=f5support&%3Butm_medium=RSS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180423-0003/", "reference_id": "ntap-20180423-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180423-0003/" }, { "reference_url": "https://www.openssh.com/releasenotes.html", "reference_id": "releasenotes.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://www.openssh.com/releasenotes.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf", "reference_id": "ssa-676336.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10708" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eens-u1sp-17em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/773?format=api", "vulnerability_id": "VCID-ga81-2agq-dfca", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06467", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06456", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06448", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06436", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1037490", "reference_id": "1037490", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "http://www.securitytracker.com/id/1037490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406293", "reference_id": "1406293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406293" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/12/19/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" }, { "reference_url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9", "reference_id": "3095060f479b86288e31c79ecbc5131a66bcd2f9", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717", "reference_id": "848717", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717" }, { "reference_url": "http://www.securityfocus.com/bid/94975", "reference_id": "94975", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "http://www.securityfocus.com/bid/94975" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_id": "display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" }, { "reference_url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "K62201745?utm_source=f5support&%3Butm_medium=RSS", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171130-0002/", "reference_id": "ntap-20171130-0002", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_id": "viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/" } ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10012" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ga81-2agq-dfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7134?format=api", "vulnerability_id": "VCID-gmg1-md81-3ka6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.53643", "scoring_system": "epss", "scoring_elements": "0.98045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.53643", "scoring_system": "epss", "scoring_elements": "0.98052", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.53643", "scoring_system": "epss", "scoring_elements": "0.98053", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.54213", "scoring_system": "epss", "scoring_elements": "0.98076", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/18/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/08/02/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1" }, { "reference_url": "http://www.securityfocus.com/bid/106741", "reference_id": "106741", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://www.securityfocus.com/bid/106741" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666127", "reference_id": "1666127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666127" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "201903-16", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "3885-1", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://usn.ubuntu.com/3885-1/" }, { "reference_url": "https://usn.ubuntu.com/3885-2/", "reference_id": "3885-2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://usn.ubuntu.com/3885-2/" }, { "reference_url": "https://www.exploit-db.com/exploits/46193/", "reference_id": "46193", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.exploit-db.com/exploits/46193/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486", "reference_id": "923486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "reference_id": "c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "reference_id": "c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "cpuoct2019-5072832.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "reference_id": "d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4387", "reference_id": "dsa-4387", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "reference_url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "reference_id": "e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", "reference_id": "FreeBSD-EN-19:10.scp.asc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "reference_id": "msg00058.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "reference_id": "ntap-20190213-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "reference_id": "scp.c", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "reference_url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "reference_id": "scp-client-multiple-vulnerabilities.txt", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", "reference_id": "show_bug.cgi?id=1677794", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", "reference_id": "W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2019-6111" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmg1-md81-3ka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65274?format=api", "vulnerability_id": "VCID-gvwt-pjzt-dbdw", "summary": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.75041", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.75054", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778" }, { "reference_url": "http://www.securitytracker.com/id/1034671", "reference_id": "1034671", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.securitytracker.com/id/1034671" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298033", "reference_id": "1298033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298033" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "reference_id": "176349.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "reference_id": "176516.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "reference_url": "https://security.gentoo.org/glsa/201601-01", "reference_id": "201601-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://security.gentoo.org/glsa/201601-01" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Jan/44", "reference_id": "44", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Jan/44" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "reference_url": "http://www.securityfocus.com/bid/80698", "reference_id": "80698", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.securityfocus.com/bid/80698" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "bulletinoct2015-2511968.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "reference_id": "docDisplay?docId=emr_na-c05247375", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "reference_id": "docDisplay?docId=emr_na-c05356388", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "reference_id": "docDisplay?docId=emr_na-c05385680", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_id": "docDisplay?docId=emr_na-c05390722", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3446", "reference_id": "dsa-3446", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3446" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "HT206167", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://support.apple.com/HT206167" }, { "reference_url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "reference_id": "index?page=content&id=JSA10734", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "reference_id": "linuxbulletinjan2016-2867209.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "msg00004.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "reference_url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "reference_id": "Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" }, { "reference_url": "http://www.openssh.com/txt/release-7.1p2", "reference_id": "release-7.1p2", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0043", "reference_id": "RHSA-2016:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0043" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa109", "reference_id": "sa109", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/2869-1/", "reference_id": "USN-2869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2869-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2869-1", "reference_id": "USN-2869-1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2869-1" }, { "reference_url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "reference_id": "utm-up2date-9-319-released", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "reference_url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "reference_id": "utm-up2date-9-354-released", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/" } ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074333?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-0778" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwt-pjzt-dbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204322?format=api", "vulnerability_id": "VCID-hds4-e8hn-rkhy", "summary": "The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.68004", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.68092", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.68104", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.68101", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298746", "reference_id": "1298746", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298746" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-1907" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hds4-e8hn-rkhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28400?format=api", "vulnerability_id": "VCID-hfvj-pb4z-67av", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2756", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2735", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27553", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27576", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595", "reference_id": "1130595", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085", "reference_id": "2447085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/03/12/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3" }, { "reference_url": "https://ubuntu.com/security/CVE-2026-3497", "reference_id": "CVE-2026-3497", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2026-3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10714", "reference_id": "RHSA-2026:10714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12071", "reference_id": "RHSA-2026:12071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13750", "reference_id": "RHSA-2026:13750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13750" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13812", "reference_id": "RHSA-2026:13812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14773", "reference_id": "RHSA-2026:14773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14924", "reference_id": "RHSA-2026:14924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15087", "reference_id": "RHSA-2026:15087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15891", "reference_id": "RHSA-2026:15891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15893", "reference_id": "RHSA-2026:15893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16030", "reference_id": "RHSA-2026:16030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17596", "reference_id": "RHSA-2026:17596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19724", "reference_id": "RHSA-2026:19724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19725", "reference_id": "RHSA-2026:19725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20040", "reference_id": "RHSA-2026:20040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20087", "reference_id": "RHSA-2026:20087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21690", "reference_id": "RHSA-2026:21690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21695", "reference_id": "RHSA-2026:21695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5475", "reference_id": "RHSA-2026:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6461", "reference_id": "RHSA-2026:6461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6462", "reference_id": "RHSA-2026:6462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6463", "reference_id": "RHSA-2026:6463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7107", "reference_id": "RHSA-2026:7107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9415", "reference_id": "RHSA-2026:9415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9732", "reference_id": "RHSA-2026:9732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9732" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-3497" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfvj-pb4z-67av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65273?format=api", "vulnerability_id": "VCID-kcgk-nx2a-cqc4", "summary": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77397", "scoring_system": "epss", "scoring_elements": "0.99005", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.77397", "scoring_system": "epss", "scoring_elements": "0.99009", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.77397", "scoring_system": "epss", "scoring_elements": "0.9901", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778" }, { "reference_url": "http://www.securitytracker.com/id/1034671", "reference_id": "1034671", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.securitytracker.com/id/1034671" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298032", "reference_id": "1298032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298032" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html", "reference_id": "175592.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html", "reference_id": "175676.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "reference_id": "176349.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "reference_id": "176516.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "reference_url": "https://security.gentoo.org/glsa/201601-01", "reference_id": "201601-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://security.gentoo.org/glsa/201601-01" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Jan/44", "reference_id": "44", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Jan/44" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "reference_url": "http://www.securityfocus.com/bid/80695", "reference_id": "80695", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.securityfocus.com/bid/80695" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984", "reference_id": "810984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "bulletinoct2015-2511968.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "reference_id": "docDisplay?docId=emr_na-c05247375", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "reference_id": "docDisplay?docId=emr_na-c05356388", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "reference_id": "docDisplay?docId=emr_na-c05385680", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_id": "docDisplay?docId=emr_na-c05390722", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3446", "reference_id": "dsa-3446", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3446" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc", "reference_id": "FreeBSD-SA-16:07.openssh.asc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "HT206167", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://support.apple.com/HT206167" }, { "reference_url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "reference_id": "index?page=content&id=JSA10734", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "reference_id": "linuxbulletinjan2016-2867209.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "msg00004.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "reference_url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "reference_id": "Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" }, { "reference_url": "http://www.openssh.com/txt/release-7.1p2", "reference_id": "release-7.1p2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0043", "reference_id": "RHSA-2016:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0043" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa109", "reference_id": "sa109", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/2869-1/", "reference_id": "USN-2869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2869-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2869-1", "reference_id": "USN-2869-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2869-1" }, { "reference_url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "reference_id": "utm-up2date-9-319-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "reference_url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "reference_id": "utm-up2date-9-354-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/" } ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074333?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-0777" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcgk-nx2a-cqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28438?format=api", "vulnerability_id": "VCID-mbbh-g3se-2yen", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20897", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2109", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.21072", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572", "reference_id": "1132572", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454469", "reference_id": "2454469", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454469" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12389", "reference_id": "RHSA-2026:12389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13380", "reference_id": "RHSA-2026:13380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13381", "reference_id": "RHSA-2026:13381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13383", "reference_id": "RHSA-2026:13383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16059", "reference_id": "RHSA-2026:16059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19069", "reference_id": "RHSA-2026:19069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19219", "reference_id": "RHSA-2026:19219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20040", "reference_id": "RHSA-2026:20040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21298", "reference_id": "RHSA-2026:21298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21398", "reference_id": "RHSA-2026:21398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22468", "reference_id": "RHSA-2026:22468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22564", "reference_id": "RHSA-2026:22564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22648", "reference_id": "RHSA-2026:22648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25063", "reference_id": "RHSA-2026:25063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25096", "reference_id": "RHSA-2026:25096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25096" }, { "reference_url": "https://usn.ubuntu.com/8222-1/", "reference_id": "USN-8222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2026-35385" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbbh-g3se-2yen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179610?format=api", "vulnerability_id": "VCID-nm47-brfe-rbfu", "summary": "An integer overflow in OpenSSH might allow an attacker to execute\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5084", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50973", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50989", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50976", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767966", "reference_id": "1767966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767966" }, { "reference_url": "https://security.gentoo.org/glsa/201911-01", "reference_id": "GLSA-201911-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2019-16905" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm47-brfe-rbfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9275?format=api", "vulnerability_id": "VCID-payd-r87h-53cc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49268", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49405", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49423", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49411", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935055", "reference_id": "1935055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940", "reference_id": "984940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940" }, { "reference_url": "https://security.archlinux.org/ASA-202103-6", "reference_id": "ASA-202103-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-6" }, { "reference_url": "https://security.archlinux.org/AVG-1657", "reference_id": "AVG-1657", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1657" }, { "reference_url": "https://usn.ubuntu.com/4762-1/", "reference_id": "USN-4762-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4762-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2021-28041" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-payd-r87h-53cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199320?format=api", "vulnerability_id": "VCID-pxgq-mjwq-bfa7", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "DSA-4539-2 openssh" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxgq-mjwq-bfa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23529?format=api", "vulnerability_id": "VCID-rp48-23m3-h3bx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44867", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4488", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44865", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44714", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig", "reference_id": "013_ssh.patch.sig", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig" }, { "reference_url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html", "reference_id": "041879.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603", "reference_id": "1102603", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767", "reference_id": "2358767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_id": "fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367" }, { "reference_url": "https://www.openssh.com/txt/release-10.0", "reference_id": "release-10.0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-10.0" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20126", "reference_id": "RHSA-2025:20126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20126" }, { "reference_url": "https://usn.ubuntu.com/7457-1/", "reference_id": "USN-7457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7457-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-32728" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp48-23m3-h3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1145?format=api", "vulnerability_id": "VCID-tq7z-791w-pfgc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.50367", "scoring_system": "epss", "scoring_elements": "0.97901", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.50367", "scoring_system": "epss", "scoring_elements": "0.97909", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1035249", "reference_id": "1035249", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.securitytracker.com/id/1035249" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829", "reference_id": "1316829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html", "reference_id": "178838.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html", "reference_id": "179924.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html", "reference_id": "180491.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html", "reference_id": "183101.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html", "reference_id": "183122.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html", "reference_id": "184264.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "201612-18", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://www.exploit-db.com/exploits/39569/", "reference_id": "39569", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://www.exploit-db.com/exploits/39569/" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Mar/46", "reference_id": "46", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Mar/46" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Mar/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Mar/47" }, { "reference_url": "http://www.securityfocus.com/bid/84314", "reference_id": "84314", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.securityfocus.com/bid/84314" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "bulletinapr2016-2952098.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", "reference_id": "cve-2016-3115", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" }, { "reference_url": "https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115", "reference_id": "CVE-2016-3115", "reference_type": "exploit", "scores": [], "url": "https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py", "reference_id": "CVE-2016-3115", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc", "reference_id": "FreeBSD-SA-16:14.openssh.asc", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "linuxbulletinapr2016-2952096.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", "reference_id": "OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "reference_id": "ovmbulletinjul2016-3090546.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0465", "reference_id": "RHSA-2016:0465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0465" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html", "reference_id": "RHSA-2016-0465.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0466", "reference_id": "RHSA-2016:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0466" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html", "reference_id": "RHSA-2016-0466.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa121", "reference_id": "sa121", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "https://bto.bluecoat.com/security-advisory/sa121" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", "reference_id": "session.c", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c" }, { "reference_url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", "reference_id": "session.c.diff?r1=1.281&r2=1.282&f=h", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h" }, { "reference_url": "https://usn.ubuntu.com/2966-1/", "reference_id": "USN-2966-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2966-1/" }, { "reference_url": "http://www.openssh.com/txt/x11fwd.adv", "reference_id": "x11fwd.adv", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/" } ], "url": "http://www.openssh.com/txt/x11fwd.adv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-3115" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq7z-791w-pfgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/770?format=api", "vulnerability_id": "VCID-vb6z-841p-53bn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.82046", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.82047", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.82055", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81985", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" }, { "reference_url": "http://www.securitytracker.com/id/1037490", "reference_id": "1037490", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.securitytracker.com/id/1037490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406269", "reference_id": "1406269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406269" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/12/19/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/31", "reference_id": "31", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/31" }, { "reference_url": "https://usn.ubuntu.com/3538-1/", "reference_id": "3538-1", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://usn.ubuntu.com/3538-1/" }, { "reference_url": "https://www.exploit-db.com/exploits/40963/", "reference_id": "40963", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://www.exploit-db.com/exploits/40963/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714", "reference_id": "848714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/19/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/9" }, { "reference_url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5", "reference_id": "9476ce1dd37d3c3218d5640b74c34c65e5f4efe5", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5" }, { "reference_url": "http://www.securityfocus.com/bid/94968", "reference_id": "94968", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.securityfocus.com/bid/94968" }, { "reference_url": "https://security.archlinux.org/ASA-201612-20", "reference_id": "ASA-201612-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-20" }, { "reference_url": "https://security.archlinux.org/AVG-110", "reference_id": "AVG-110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-110" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009", "reference_id": "CVE-2016-10009", "reference_type": "exploit", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt", "reference_id": "CVE-2016-10009", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_id": "display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc", "reference_id": "FreeBSD-SA-17:01.openssh.asc", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171130-0002/", "reference_id": "ntap-20171130-0002", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" }, { "reference_url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html", "reference_id": "OpenSSH-Arbitrary-Library-Loading.html", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html" }, { "reference_url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", "reference_id": "OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_id": "viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/" } ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-10009" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6z-841p-53bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/158793?format=api", "vulnerability_id": "VCID-vcqw-c3yq-byhs", "summary": "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04139", "scoring_system": "epss", "scoring_elements": "0.889", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04139", "scoring_system": "epss", "scoring_elements": "0.88937", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04139", "scoring_system": "epss", "scoring_elements": "0.88944", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/08/22/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/08/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252852", "reference_id": "1252852", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252852" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html", "reference_id": "165170.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html" }, { "reference_url": "https://security.gentoo.org/glsa/201512-04", "reference_id": "201512-04", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://security.gentoo.org/glsa/201512-04" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/Aug/54", "reference_id": "54", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://seclists.org/fulldisclosure/2015/Aug/54" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7", "reference_id": "5e75f5198769056089fb06c4d738ab0e5abc66f7", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7" }, { "reference_url": "http://www.securityfocus.com/bid/76317", "reference_id": "76317", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.securityfocus.com/bid/76317" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711", "reference_id": "795711", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711" }, { "reference_url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764", "reference_id": "brocade-security-advisory-2019-764", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "bulletinjan2016-2867206.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10136", "reference_id": "index?page=content&id=SB10136", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10136" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "reference_id": "linuxbulletinapr2016-2952096.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "linuxbulletinoct2015-2719645.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "reference_url": "http://www.openssh.com/txt/release-7.0", "reference_id": "release-7.0", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://www.openssh.com/txt/release-7.0" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2088", "reference_id": "RHSA-2015:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0741", "reference_id": "RHSA-2016:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0741" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html", "reference_id": "RHSA-2016-0741.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2015-6564" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqw-c3yq-byhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1646?format=api", "vulnerability_id": "VCID-vfn3-y9yg-3yc7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90046", "scoring_system": "epss", "scoring_elements": "0.99602", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.90046", "scoring_system": "epss", "scoring_elements": "0.99603", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1036319", "reference_id": "1036319", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "http://www.securitytracker.com/id/1036319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357442", "reference_id": "1357442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357442" }, { "reference_url": "https://security.gentoo.org/glsa/201612-18", "reference_id": "201612-18", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://security.gentoo.org/glsa/201612-18" }, { "reference_url": "https://www.exploit-db.com/exploits/40113/", "reference_id": "40113", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://www.exploit-db.com/exploits/40113/" }, { "reference_url": "https://www.exploit-db.com/exploits/40136/", "reference_id": "40136", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://www.exploit-db.com/exploits/40136/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902", "reference_id": "831902", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902" }, { "reference_url": "http://www.securityfocus.com/bid/91812", "reference_id": "91812", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "http://www.securityfocus.com/bid/91812" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Jul/51", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Jul/51" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py", "reference_id": "CVE-2016-6210", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3626", "reference_id": "dsa-3626", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3626" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190206-0001/", "reference_id": "ntap-20190206-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190206-0001/" }, { "reference_url": "https://www.openssh.com/txt/release-7.3", "reference_id": "release-7.3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://www.openssh.com/txt/release-7.3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2029", "reference_id": "RHSA-2017:2029", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2563", "reference_id": "RHSA-2017:2563", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2563" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://usn.ubuntu.com/3061-1/", "reference_id": "USN-3061-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3061-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074333?format=api", "purl": "pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" } ], "aliases": [ "CVE-2016-6210" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfn3-y9yg-3yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16152?format=api", "vulnerability_id": "VCID-xsrv-ne3r-37ej", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17234", "scoring_system": "epss", "scoring_elements": "0.95175", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.18499", "scoring_system": "epss", "scoring_elements": "0.95414", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.18499", "scoring_system": "epss", "scoring_elements": "0.95409", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.18499", "scoring_system": "epss", "scoring_elements": "0.95415", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "reference_url": "https://security.gentoo.org/glsa/202312-17", "reference_id": "202312-17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Mar/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255271", "reference_id": "2255271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255271" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/26/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/26/4" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a", "reference_id": "7ef3787c84b6b524501211b11a26c742f829af1a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5586", "reference_id": "dsa-5586", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "reference_url": "https://support.apple.com/kb/HT214084", "reference_id": "HT214084", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://support.apple.com/kb/HT214084" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0005/", "reference_id": "ntap-20240105-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/" }, { "reference_url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html", "reference_id": "openssh-proxycommand-libssh-rce.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html" }, { "reference_url": "https://www.openssh.com/txt/release-9.6", "reference_id": "release-9.6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/" } ], "url": "https://www.openssh.com/txt/release-9.6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22329", "reference_id": "RHSA-2026:22329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22329" }, { "reference_url": "https://usn.ubuntu.com/6560-2/", "reference_id": "USN-6560-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-2/" }, { "reference_url": "https://usn.ubuntu.com/6560-3/", "reference_id": "USN-6560-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-3/" }, { "reference_url": "https://usn.ubuntu.com/6565-1/", "reference_id": "USN-6565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079932?format=api", "purl": "pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-yje6-k29k-fkch" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3" } ], "aliases": [ "CVE-2023-51385" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsrv-ne3r-37ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25795?format=api", "vulnerability_id": "VCID-z7bz-947q-jkgt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19395", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19564", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19588", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19568", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530", "reference_id": "1117530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962", "reference_id": "2401962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5475", "reference_id": "RHSA-2026:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5475" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079933?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-61985" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7bz-947q-jkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7132?format=api", "vulnerability_id": "VCID-z8hs-nkmn-dfcs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.93139", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.93117", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09738", "scoring_system": "epss", "scoring_elements": "0.9314", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666119", "reference_id": "1666119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666119" }, { "reference_url": "https://security.gentoo.org/glsa/201903-16", "reference_id": "201903-16", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "reference_url": "https://usn.ubuntu.com/3885-1/", "reference_id": "3885-1", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://usn.ubuntu.com/3885-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412", "reference_id": "793412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412" }, { "reference_url": "https://security.archlinux.org/ASA-201904-11", "reference_id": "ASA-201904-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-11" }, { "reference_url": "https://security.archlinux.org/AVG-951", "reference_id": "AVG-951", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-951" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "cpuoct2019-5072832.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4387", "reference_id": "dsa-4387", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "reference_id": "msg00058.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "reference_id": "ntap-20190213-0001", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "reference_url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", "reference_id": "progressmeter.c", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3702", "reference_id": "RHSA-2019:3702", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "reference_url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "reference_id": "scp.c", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "reference_url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "reference_id": "scp-client-multiple-vulnerabilities.txt", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "reference_id": "ssa-412672.pdf", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", "reference_id": "W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076695?format=api", "purl": "pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078456?format=api", "purl": "pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2" } ], "aliases": [ "CVE-2019-6109" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8hs-nkmn-dfcs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111617?format=api", "vulnerability_id": "VCID-67qq-6dzp-d7ck", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2653.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2653.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.84607", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.84663", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.8467", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.8466", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081338", "reference_id": "1081338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081338" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html", "reference_id": "133537.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html", "reference_id": "134026.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html" }, { "reference_url": "http://secunia.com/advisories/59855", "reference_id": "59855", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://secunia.com/advisories/59855" }, { "reference_url": "http://www.securityfocus.com/bid/66459", "reference_id": "66459", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.securityfocus.com/bid/66459" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/03/26/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://openwall.com/lists/oss-security/2014/03/26/7" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068", "reference_id": "advisories?name=MDVSA-2014:068", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095", "reference_id": "advisories?name=MDVSA-2015:095", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513", "reference_id": "bugreport.cgi?bug=742513", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "bulletinoct2015-2511968.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2894", "reference_id": "dsa-2894", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.debian.org/security/2014/dsa-2894" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2", "reference_id": "?l=bugtraq&m=141576985122836&w=2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2" }, { "reference_url": "http://advisories.mageia.org/MGASA-2014-0166.html", "reference_id": "MGASA-2014-0166.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://advisories.mageia.org/MGASA-2014-0166.html" }, { "reference_url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", "reference_id": "openssh_advisory4.asc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1552", "reference_id": "RHSA-2014:1552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1552" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html", "reference_id": "RHSA-2014-1552.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0425", "reference_id": "RHSA-2015:0425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0425" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html", "reference_id": "RHSA-2015-0425.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html" }, { "reference_url": "https://usn.ubuntu.com/2164-1/", "reference_id": "USN-2164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2164-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2164-1", "reference_id": "USN-2164-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2164-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072298?format=api", "purl": "pkg:deb/debian/openssh@1:6.0p1-4%2Bdeb7u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-67qq-6dzp-d7ck" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-aws5-8ugp-f3cb" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-yujg-r2qc-n7br" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.0p1-4%252Bdeb7u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074331?format=api", "purl": "pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1" } ], "aliases": [ "CVE-2014-2653" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67qq-6dzp-d7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199?format=api", "vulnerability_id": "VCID-aws5-8ugp-f3cb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2532.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27952", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28163", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28174", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1029925", "reference_id": "1029925", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.securitytracker.com/id/1029925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077843", "reference_id": "1077843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077843" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html", "reference_id": "133537.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html", "reference_id": "134026.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html" }, { "reference_url": "http://secunia.com/advisories/57488", "reference_id": "57488", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://secunia.com/advisories/57488" }, { "reference_url": "http://secunia.com/advisories/57574", "reference_id": "57574", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://secunia.com/advisories/57574" }, { "reference_url": "http://secunia.com/advisories/59313", "reference_id": "59313", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://secunia.com/advisories/59313" }, { "reference_url": "http://secunia.com/advisories/59855", "reference_id": "59855", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://secunia.com/advisories/59855" }, { "reference_url": "http://www.securityfocus.com/bid/66355", "reference_id": "66355", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.securityfocus.com/bid/66355" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986", "reference_id": "91986", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068", "reference_id": "advisories?name=MDVSA-2014:068", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095", "reference_id": "advisories?name=MDVSA-2015:095", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "reference_id": "cpuapr2016v3-2985753.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "cpujul2018-4258247.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "cpuoct2016-2881722.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2894", "reference_id": "dsa-2894", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.debian.org/security/2014/dsa-2894" }, { "reference_url": "https://security.gentoo.org/glsa/201405-06", "reference_id": "GLSA-201405-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-06" }, { "reference_url": "https://support.apple.com/HT205267", "reference_id": "HT205267", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "https://support.apple.com/HT205267" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2", "reference_id": "?l=bugtraq&m=141576985122836&w=2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2" }, { "reference_url": "http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2", "reference_id": "?l=openbsd-security-announce&m=139492048027313&w=2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2" }, { "reference_url": "http://advisories.mageia.org/MGASA-2014-0143.html", "reference_id": "MGASA-2014-0143.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://advisories.mageia.org/MGASA-2014-0143.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" }, { "reference_url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", "reference_id": "openssh_advisory4.asc", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1552", "reference_id": "RHSA-2014:1552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1552" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html", "reference_id": "RHSA-2014-1552.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html" }, { "reference_url": "https://usn.ubuntu.com/2155-1/", "reference_id": "USN-2155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2155-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2155-1", "reference_id": "USN-2155-1", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2155-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072298?format=api", "purl": "pkg:deb/debian/openssh@1:6.0p1-4%2Bdeb7u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-67qq-6dzp-d7ck" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-aws5-8ugp-f3cb" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-yujg-r2qc-n7br" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.0p1-4%252Bdeb7u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074331?format=api", "purl": "pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1" } ], "aliases": [ "CVE-2014-2532" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aws5-8ugp-f3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202971?format=api", "vulnerability_id": "VCID-yujg-r2qc-n7br", "summary": "The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4548.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4548.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54191", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54316", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54335", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.5432", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1028418", "reference_id": "1028418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1028418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029", "reference_id": "729029", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029" }, { "reference_url": "https://usn.ubuntu.com/2014-1/", "reference_id": "USN-2014-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2014-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074331?format=api", "purl": "pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124c-8gmd-xfb7" }, { "vulnerability": "VCID-1k3j-b43t-ckgx" }, { "vulnerability": "VCID-29b1-zcfn-1be6" }, { "vulnerability": "VCID-358j-tvz2-dbau" }, { "vulnerability": "VCID-3ky7-2mqj-q7gh" }, { "vulnerability": "VCID-3rbw-3649-xkgw" }, { "vulnerability": "VCID-51qb-g51q-b3fd" }, { "vulnerability": "VCID-59xb-y4z9-pbfp" }, { "vulnerability": "VCID-6c6q-52re-zqdc" }, { "vulnerability": "VCID-6ft3-n7d1-53h3" }, { "vulnerability": "VCID-8mhg-d4md-sbd7" }, { "vulnerability": "VCID-98ft-mftn-mfcu" }, { "vulnerability": "VCID-9ycf-2n8g-tyg6" }, { "vulnerability": "VCID-amga-n7sa-zket" }, { "vulnerability": "VCID-b8pn-bg8e-vyca" }, { "vulnerability": "VCID-bnpz-2y49-33cy" }, { "vulnerability": "VCID-c2p7-27z7-5ffc" }, { "vulnerability": "VCID-cm2c-arkw-audk" }, { "vulnerability": "VCID-d3f4-y8af-cbap" }, { "vulnerability": "VCID-dk18-vmt4-6yar" }, { "vulnerability": "VCID-dscc-v22m-uyab" }, { "vulnerability": "VCID-e2cy-pzgk-9ucu" }, { "vulnerability": "VCID-eens-u1sp-17em" }, { "vulnerability": "VCID-ga81-2agq-dfca" }, { "vulnerability": "VCID-gmg1-md81-3ka6" }, { "vulnerability": "VCID-gvwt-pjzt-dbdw" }, { "vulnerability": "VCID-hds4-e8hn-rkhy" }, { "vulnerability": "VCID-hfvj-pb4z-67av" }, { "vulnerability": "VCID-kcgk-nx2a-cqc4" }, { "vulnerability": "VCID-mbbh-g3se-2yen" }, { "vulnerability": "VCID-nm47-brfe-rbfu" }, { "vulnerability": "VCID-payd-r87h-53cc" }, { "vulnerability": "VCID-pxgq-mjwq-bfa7" }, { "vulnerability": "VCID-rp48-23m3-h3bx" }, { "vulnerability": "VCID-tq7z-791w-pfgc" }, { "vulnerability": "VCID-vb6z-841p-53bn" }, { "vulnerability": "VCID-vcqw-c3yq-byhs" }, { "vulnerability": "VCID-vfn3-y9yg-3yc7" }, { "vulnerability": "VCID-xsrv-ne3r-37ej" }, { "vulnerability": "VCID-z7bz-947q-jkgt" }, { "vulnerability": "VCID-z8hs-nkmn-dfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1" } ], "aliases": [ "CVE-2013-4548" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yujg-r2qc-n7br" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1" }