Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/143457?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/143457?format=api", "purl": "pkg:rpm/redhat/libmediaart@1.9.4-1?arch=el7", "type": "rpm", "namespace": "redhat", "name": "libmediaart", "version": "1.9.4-1", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69440?format=api", "vulnerability_id": "VCID-3sfc-a2u5-nkgt", "summary": "FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.74367", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763609", "reference_id": "1763609", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4254", "reference_id": "RHSA-2019:4254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4254" } ], "fixed_packages": 
[], "aliases": [ "CVE-2015-9382" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sfc-a2u5-nkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98445?format=api", "vulnerability_id": "VCID-4hjh-cqg4-wqdk", "summary": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51066", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578777", "reference_id": "1578777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578777" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357", "reference_id": "898357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2017-18267" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98455?format=api", "vulnerability_id": "VCID-7ukn-38hy-dffs", "summary": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83365", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576169", "reference_id": "1576169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-10768" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ukn-38hy-dffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76257?format=api", "vulnerability_id": "VCID-9b9k-93ve-pbdu", "summary": "There is a stack-based buffer over-read in calling GLib in the function 
gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00854", "scoring_system": "epss", "scoring_elements": "0.75306", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576175", "reference_id": "1576175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576175" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133", "reference_id": "898133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-10767" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9b9k-93ve-pbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69863?format=api", "vulnerability_id": "VCID-bspu-grjr-f7h4", "summary": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of 
Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04562", "scoring_system": "epss", "scoring_elements": "0.89386", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488817", "reference_id": "1488817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488817" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552", "reference_id": "874552", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2862" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bspu-grjr-f7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104431?format=api", "vulnerability_id": "VCID-erk4-udeu-r3eq", "summary": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. 
iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3861", "scoring_system": "epss", "scoring_elements": "0.97329", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4121" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577387", "reference_id": "1577387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577387" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1522", "reference_id": "CVE-2018-4121", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1522" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt", "reference_id": "CVE-2018-4121", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-4121" ], "risk_score": 2.2, 
"exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erk4-udeu-r3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98456?format=api", "vulnerability_id": "VCID-fmqa-fers-5ydf", "summary": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00696", "scoring_system": "epss", "scoring_elements": "0.72309", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838", "reference_id": "1602838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922", "reference_id": "904922", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-13988" ], "risk_score": 2.4, "exploitability": "0.5", 
"weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104413?format=api", "vulnerability_id": "VCID-h8nb-gtwb-3yhk", "summary": "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4415", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588742", "reference_id": "1588742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-11712" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nb-gtwb-3yhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58460?format=api", "vulnerability_id": "VCID-k4kq-fbtc-1qbt", "summary": "Directory Traversal with ../ sequences occurs in AccountsService 
before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79577", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14036" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601019", "reference_id": "1601019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601019" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828", "reference_id": "903828", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14036" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4kq-fbtc-1qbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104448?format=api", "vulnerability_id": "VCID-p55u-zx5u-7kax", "summary": "An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40022", "scoring_system": "epss", "scoring_elements": "0.97408", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577385", "reference_id": "1577385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577385" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1525", "reference_id": "CVE-2018-4200", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1525" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html", "reference_id": "CVE-2018-4200", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-4200" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": 
"4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p55u-zx5u-7kax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69437?format=api", "vulnerability_id": "VCID-p7jb-tuz7-t3h7", "summary": "FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00711", "scoring_system": "epss", "scoring_elements": "0.72627", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9381" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752788", "reference_id": "1752788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4254", "reference_id": "RHSA-2019:4254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4254" } ], "fixed_packages": [], "aliases": [ "CVE-2015-9381" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7jb-tuz7-t3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104414?format=api", "vulnerability_id": "VCID-qb6u-ddgw-zyhf", "summary": 
"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68346", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11713" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588739", "reference_id": "1588739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-11713" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb6u-ddgw-zyhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76256?format=api", "vulnerability_id": "VCID-tqk7-nf3c-cfhy", "summary": "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. 
A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7438", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576111", "reference_id": "1576111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954", "reference_id": "897954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-10733" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqk7-nf3c-cfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104450?format=api", "vulnerability_id": "VCID-yzd8-pjer-mkgf", "summary": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03746", "scoring_system": "epss", "scoring_elements": "0.88222", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4204" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577374", "reference_id": "1577374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-4204" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzd8-pjer-mkgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77375?format=api", "vulnerability_id": "VCID-zsuu-ju1a-4qfz", "summary": "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04538", "scoring_system": "epss", "scoring_elements": "0.89361", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597980", "reference_id": "1597980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" } ], "fixed_packages": [], "aliases": [ "CVE-2018-12910" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsuu-ju1a-4qfz" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libmediaart@1.9.4-1%3Farch=el7" }