Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1085366?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1085366?format=api", "purl": "pkg:deb/debian/bzip2@1.0.3-6", "type": "deb", "namespace": "debian", "name": "bzip2", "version": "1.0.3-6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.0.6-9.2~deb10u1", "latest_non_vulnerable_version": "1.0.6-9.2~deb10u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6201?format=api", "vulnerability_id": "VCID-6337-hr5n-qyey", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78645", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78628", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78562", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78641", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/22", "reference_id": "22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/22" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332075", "reference_id": "2332075", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332075" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/4" }, { "reference_url": "https://usn.ubuntu.com/4038-1/", "reference_id": "4038-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://usn.ubuntu.com/4038-1/" }, { "reference_url": "https://usn.ubuntu.com/4038-2/", "reference_id": "4038-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://usn.ubuntu.com/4038-2/" }, { "reference_url": "https://usn.ubuntu.com/4146-1/", "reference_id": "4146-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://usn.ubuntu.com/4146-1/" }, { "reference_url": "https://usn.ubuntu.com/4146-2/", "reference_id": "4146-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://usn.ubuntu.com/4146-2/" }, { "reference_url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", "reference_id": "74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930886", "reference_id": "930886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359", "reference_id": "934359", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "cpuoct2020.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", "reference_id": "FreeBSD-SA-19:18.bzip2.asc", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc" }, { "reference_url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_id": "FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html" }, { "reference_url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "K68713584?utm_source=f5support&%3Butm_medium=RSS", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", "reference_id": "msg00012.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", "reference_id": "msg00040.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", "reference_id": "msg00050.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", "reference_id": "msg00078.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html" }, { "reference_url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_id": "ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", "reference_id": "rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", "reference_id": "rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10803", "reference_id": "RHSA-2024:10803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8922", "reference_id": "RHSA-2024:8922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0733", "reference_id": "RHSA-2025:0733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0925", "reference_id": "RHSA-2025:0925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1154", "reference_id": "RHSA-2025:1154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1154" }, { "reference_url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", "reference_id": "Slackware-Security-Advisory-bzip2-Updates.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/" } ], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1151815?format=api", "purl": "pkg:deb/debian/bzip2@1.0.6-9.2~deb10u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.6-9.2~deb10u1" } ], "aliases": [ "CVE-2019-12900" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6337-hr5n-qyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1158?format=api", "vulnerability_id": "VCID-7mts-4d2b-ebbk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.96118", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.96131", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.9613", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.96133", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1" }, { "reference_url": "http://www.securitytracker.com/id/1036132", "reference_id": "1036132", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securitytracker.com/id/1036132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-08", "reference_id": "201708-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.gentoo.org/glsa/201708-08" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/22", "reference_id": "22", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/22" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/4" }, { "reference_url": "https://usn.ubuntu.com/4038-1/", "reference_id": "4038-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-1/" }, { "reference_url": "https://usn.ubuntu.com/4038-2/", "reference_id": "4038-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744", "reference_id": "827744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744" }, { "reference_url": "http://www.securityfocus.com/bid/91297", "reference_id": "91297", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securityfocus.com/bid/91297" }, { "reference_url": "https://security.archlinux.org/ASA-201702-19", "reference_id": "ASA-201702-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201702-19" }, { "reference_url": "https://security.archlinux.org/AVG-4", "reference_id": "AVG-4", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-4" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "bulletinjul2016-3090568.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "cpuoct2020.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", "reference_id": "FreeBSD-SA-19:18.bzip2.asc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc" }, { "reference_url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_id": "FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" }, { "reference_url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", "reference_id": "r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", "reference_id": "r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", "reference_id": "r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", "reference_id": "r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", "reference_id": "r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", "reference_id": "r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", "reference_id": "r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_id": "ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", "reference_id": "redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", "reference_id": "rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", "reference_id": "show_bug.cgi?id=1319648", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648" }, { "reference_url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", "reference_id": "Slackware-Security-Advisory-bzip2-Updates.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1138745?format=api", "purl": "pkg:deb/debian/bzip2@1.0.6-8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6337-hr5n-qyey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.6-8.1" } ], "aliases": [ "CVE-2016-3189" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mts-4d2b-ebbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180163?format=api", "vulnerability_id": "VCID-j6d7-d4ka-u3e4", "summary": "Multiple vulnerabilities were found in Clam AntiVirus, the most\n severe of which may allow the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0405.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07688", "scoring_system": "epss", "scoring_elements": "0.92098", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07688", "scoring_system": "epss", "scoring_elements": "0.92124", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07688", "scoring_system": "epss", "scoring_elements": "0.9213", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07688", "scoring_system": "epss", "scoring_elements": "0.92128", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882", "reference_id": "627882", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882" }, { "reference_url": "https://security.gentoo.org/glsa/201110-20", "reference_id": "GLSA-201110-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-20" }, { "reference_url": "https://security.gentoo.org/glsa/201301-05", "reference_id": "GLSA-201301-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0703", "reference_id": "RHSA-2010:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0858", "reference_id": "RHSA-2010:0858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0858" }, { "reference_url": "https://usn.ubuntu.com/986-1/", "reference_id": "USN-986-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/986-1/" }, { "reference_url": "https://usn.ubuntu.com/986-2/", "reference_id": "USN-986-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/986-2/" }, { "reference_url": "https://usn.ubuntu.com/986-3/", "reference_id": "USN-986-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/986-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1087423?format=api", "purl": "pkg:deb/debian/bzip2@1.0.5-6%2Bsqueeze1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6337-hr5n-qyey" }, { "vulnerability": "VCID-7mts-4d2b-ebbk" }, { "vulnerability": "VCID-r1z5-yrv6-1qam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.5-6%252Bsqueeze1" } ], "aliases": [ "CVE-2010-0405" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6d7-d4ka-u3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202064?format=api", "vulnerability_id": "VCID-r1z5-yrv6-1qam", "summary": "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4089.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4089.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4089", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35573", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35753", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35772", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35756", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4089" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4089" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862", "reference_id": "632862", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/18147.c", "reference_id": "CVE-2011-4089;OSVDB-77356", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/18147.c" }, { "reference_url": "https://usn.ubuntu.com/1308-1/", "reference_id": "USN-1308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1308-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1087424?format=api", "purl": "pkg:deb/debian/bzip2@1.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6337-hr5n-qyey" }, { "vulnerability": "VCID-7mts-4d2b-ebbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.6-4" } ], "aliases": [ "CVE-2011-4089" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1z5-yrv6-1qam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176989?format=api", "vulnerability_id": "VCID-w1t5-m6ba-9yfs", "summary": "A Denial of Service vulnerability was discovered in Analog.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07739", "scoring_system": "epss", "scoring_elements": "0.92125", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07739", "scoring_system": "epss", "scoring_elements": "0.92152", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07739", "scoring_system": "epss", "scoring_elements": "0.92158", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07739", "scoring_system": "epss", "scoring_elements": "0.92155", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438118", "reference_id": "438118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438118" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471670", "reference_id": "471670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471670" }, { "reference_url": "https://security.gentoo.org/glsa/200804-02", "reference_id": "GLSA-200804-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200804-02" }, { "reference_url": "https://security.gentoo.org/glsa/200903-40", "reference_id": "GLSA-200903-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200903-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0893", "reference_id": "RHSA-2008:0893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0893" }, { "reference_url": "https://usn.ubuntu.com/590-1/", "reference_id": "USN-590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/590-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1087422?format=api", "purl": "pkg:deb/debian/bzip2@1.0.5-1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6337-hr5n-qyey" }, { "vulnerability": "VCID-7mts-4d2b-ebbk" }, { "vulnerability": "VCID-j6d7-d4ka-u3e4" }, { "vulnerability": "VCID-r1z5-yrv6-1qam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.5-1%252Blenny1" } ], "aliases": [ "CVE-2008-1372" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1t5-m6ba-9yfs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200029?format=api", "vulnerability_id": "VCID-6p4j-8tkm-8ya4", "summary": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0758.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40281", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40449", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40471", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.4046", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617573", "reference_id": "1617573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617573" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321286", "reference_id": "321286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:357", "reference_id": "RHSA-2005:357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:474", "reference_id": "RHSA-2005:474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:474" }, { "reference_url": "https://usn.ubuntu.com/158-1/", "reference_id": "USN-158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/158-1/" }, { "reference_url": "https://usn.ubuntu.com/161-1/", "reference_id": "USN-161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/161-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1085366?format=api", "purl": "pkg:deb/debian/bzip2@1.0.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6337-hr5n-qyey" }, { "vulnerability": "VCID-7mts-4d2b-ebbk" }, { "vulnerability": "VCID-j6d7-d4ka-u3e4" }, { "vulnerability": "VCID-r1z5-yrv6-1qam" }, { "vulnerability": "VCID-w1t5-m6ba-9yfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.3-6" } ], "aliases": [ "CVE-2005-0758" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p4j-8tkm-8ya4" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/bzip2@1.0.3-6" }