Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/samba@3.0.25-1?distro=trixie

Type deb

Namespace debian

Name samba

Version 3.0.25-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.0.26-1

Latest_non_vulnerable_version 2:4.24.3+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1k7z-b2yr-xug1

vulnerability_id VCID-1k7z-b2yr-xug1

summary Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2446.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2446.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-2446

reference_id

reference_type

scores

value	0.89173
scoring_system	epss
scoring_elements	0.99552
published_at	2026-06-04T12:55:00Z

value	0.89173
scoring_system	epss
scoring_elements	0.99553
published_at	2026-06-06T12:55:00Z

value	0.90126
scoring_system	epss
scoring_elements	0.99604
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2446

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=239429
reference_id	239429
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=239429

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16859.rb
reference_id	CVE-2007-2446;OSVDB-34699
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16859.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/9950.rb
reference_id	CVE-2007-2446;OSVDB-34699
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/9950.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/16875.rb
reference_id	CVE-2007-2446;OSVDB-34699
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/16875.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/solaris/remote/16329.rb
reference_id	CVE-2007-2446;OSVDB-34699
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/solaris/remote/16329.rb

reference_url	https://security.gentoo.org/glsa/200705-15
reference_id	GLSA-200705-15
reference_type
scores
url	https://security.gentoo.org/glsa/200705-15

reference_url	https://access.redhat.com/errata/RHSA-2007:0354
reference_id	RHSA-2007:0354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0354

reference_url	https://usn.ubuntu.com/460-1/
reference_id	USN-460-1
reference_type
scores
url	https://usn.ubuntu.com/460-1/

fixed_packages

url	pkg:deb/debian/samba@3.0.25-1?distro=trixie
purl	pkg:deb/debian/samba@3.0.25-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@3.0.25-1%3Fdistro=trixie

url pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

purl pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tc4-e6tj-3qfa

vulnerability	VCID-7n9k-74nf-ayah

vulnerability	VCID-7rsk-suge-a7b4

vulnerability	VCID-8jp7-e281-tqha

vulnerability	VCID-8yq8-wp1b-p7gt

vulnerability	VCID-9cv8-xnmm-cyh8

vulnerability	VCID-9kyr-nxjs-xkaw

vulnerability	VCID-afjh-h9hy-u7dz

vulnerability	VCID-atg1-qx5q-hfdu

vulnerability	VCID-bkse-muh9-t7a8

vulnerability	VCID-e2b4-vjgq-sbdq

vulnerability	VCID-fb3p-pr3k-wbhj

vulnerability	VCID-fj5p-xkmp-vken

vulnerability	VCID-gec9-c1be-dkba

vulnerability	VCID-gx57-3mtp-hqdh

vulnerability	VCID-hxfw-6htj-wkhg

vulnerability	VCID-j1a6-7vhx-sbh7

vulnerability	VCID-j358-djx5-8qdw

vulnerability	VCID-mnnu-hrtz-uyeg

vulnerability	VCID-mtrk-m8jm-gyfg

vulnerability	VCID-t156-69p4-s7gu

vulnerability	VCID-usyw-3jt1-xyez

vulnerability	VCID-wc2t-bbf1-mua5

vulnerability	VCID-x9ky-gfg3-hfen

vulnerability	VCID-xmpf-4zxw-dybe

vulnerability	VCID-xt8n-4rnc-b7fs

vulnerability	VCID-zx6s-p6p1-z7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.13.13%252Bdfsg-1~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.17.12%252Bdfsg-0%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.22.8%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.24.3%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-2446

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1k7z-b2yr-xug1

url VCID-kr3y-cghu-s7cs

vulnerability_id VCID-kr3y-cghu-s7cs

summary The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2447.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2447.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-2447

reference_id

reference_type

scores

value	0.43147
scoring_system	epss
scoring_elements	0.97574
published_at	2026-06-08T12:55:00Z

value	0.49575
scoring_system	epss
scoring_elements	0.97854
published_at	2026-06-04T12:55:00Z

value	0.49575
scoring_system	epss
scoring_elements	0.97857
published_at	2026-06-05T12:55:00Z

value	0.49575
scoring_system	epss
scoring_elements	0.97859
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=239774
reference_id	239774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=239774

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/16320.rb
reference_id	CVE-2007-2447;OSVDB-34700
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/16320.rb

reference_url	https://security.gentoo.org/glsa/200705-15
reference_id	GLSA-200705-15
reference_type
scores
url	https://security.gentoo.org/glsa/200705-15

reference_url	https://access.redhat.com/errata/RHSA-2007:0354
reference_id	RHSA-2007:0354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0354

reference_url	https://usn.ubuntu.com/460-1/
reference_id	USN-460-1
reference_type
scores
url	https://usn.ubuntu.com/460-1/

fixed_packages

url	pkg:deb/debian/samba@3.0.25-1?distro=trixie
purl	pkg:deb/debian/samba@3.0.25-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@3.0.25-1%3Fdistro=trixie

url pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

purl pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tc4-e6tj-3qfa

vulnerability	VCID-7n9k-74nf-ayah

vulnerability	VCID-7rsk-suge-a7b4

vulnerability	VCID-8jp7-e281-tqha

vulnerability	VCID-8yq8-wp1b-p7gt

vulnerability	VCID-9cv8-xnmm-cyh8

vulnerability	VCID-9kyr-nxjs-xkaw

vulnerability	VCID-afjh-h9hy-u7dz

vulnerability	VCID-atg1-qx5q-hfdu

vulnerability	VCID-bkse-muh9-t7a8

vulnerability	VCID-e2b4-vjgq-sbdq

vulnerability	VCID-fb3p-pr3k-wbhj

vulnerability	VCID-fj5p-xkmp-vken

vulnerability	VCID-gec9-c1be-dkba

vulnerability	VCID-gx57-3mtp-hqdh

vulnerability	VCID-hxfw-6htj-wkhg

vulnerability	VCID-j1a6-7vhx-sbh7

vulnerability	VCID-j358-djx5-8qdw

vulnerability	VCID-mnnu-hrtz-uyeg

vulnerability	VCID-mtrk-m8jm-gyfg

vulnerability	VCID-t156-69p4-s7gu

vulnerability	VCID-usyw-3jt1-xyez

vulnerability	VCID-wc2t-bbf1-mua5

vulnerability	VCID-x9ky-gfg3-hfen

vulnerability	VCID-xmpf-4zxw-dybe

vulnerability	VCID-xt8n-4rnc-b7fs

vulnerability	VCID-zx6s-p6p1-z7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.13.13%252Bdfsg-1~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.17.12%252Bdfsg-0%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.22.8%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.24.3%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-2447

risk_score 0.8

exploitability 2.0

weighted_severity 0.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kr3y-cghu-s7cs

url VCID-wwk6-xbnh-rqfr

vulnerability_id VCID-wwk6-xbnh-rqfr

summary Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2444.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2444.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-2444

reference_id

reference_type

scores

value	0.01051
scoring_system	epss
scoring_elements	0.77891
published_at	2026-06-04T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77918
published_at	2026-06-05T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77925
published_at	2026-06-06T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77915
published_at	2026-06-07T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77904
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2444

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444

reference_url	https://security.gentoo.org/glsa/200705-15
reference_id	GLSA-200705-15
reference_type
scores
url	https://security.gentoo.org/glsa/200705-15

reference_url	https://usn.ubuntu.com/460-1/
reference_id	USN-460-1
reference_type
scores
url	https://usn.ubuntu.com/460-1/

fixed_packages

url	pkg:deb/debian/samba@3.0.25-1?distro=trixie
purl	pkg:deb/debian/samba@3.0.25-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@3.0.25-1%3Fdistro=trixie

url pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

purl pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tc4-e6tj-3qfa

vulnerability	VCID-7n9k-74nf-ayah

vulnerability	VCID-7rsk-suge-a7b4

vulnerability	VCID-8jp7-e281-tqha

vulnerability	VCID-8yq8-wp1b-p7gt

vulnerability	VCID-9cv8-xnmm-cyh8

vulnerability	VCID-9kyr-nxjs-xkaw

vulnerability	VCID-afjh-h9hy-u7dz

vulnerability	VCID-atg1-qx5q-hfdu

vulnerability	VCID-bkse-muh9-t7a8

vulnerability	VCID-e2b4-vjgq-sbdq

vulnerability	VCID-fb3p-pr3k-wbhj

vulnerability	VCID-fj5p-xkmp-vken

vulnerability	VCID-gec9-c1be-dkba

vulnerability	VCID-gx57-3mtp-hqdh

vulnerability	VCID-hxfw-6htj-wkhg

vulnerability	VCID-j1a6-7vhx-sbh7

vulnerability	VCID-j358-djx5-8qdw

vulnerability	VCID-mnnu-hrtz-uyeg

vulnerability	VCID-mtrk-m8jm-gyfg

vulnerability	VCID-t156-69p4-s7gu

vulnerability	VCID-usyw-3jt1-xyez

vulnerability	VCID-wc2t-bbf1-mua5

vulnerability	VCID-x9ky-gfg3-hfen

vulnerability	VCID-xmpf-4zxw-dybe

vulnerability	VCID-xt8n-4rnc-b7fs

vulnerability	VCID-zx6s-p6p1-z7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.13.13%252Bdfsg-1~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.17.12%252Bdfsg-0%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.22.8%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.24.3%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-2444

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk6-xbnh-rqfr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@3.0.25-1%3Fdistro=trixie

Package Instance