Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/libvncserver@0.9.11-14?arch=el8

Type rpm

Namespace redhat

Name libvncserver

Version 0.9.11-14

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-87tu-9917-7uca

vulnerability_id

VCID-87tu-9917-7uca

summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12448.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12448.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12448

reference_id

reference_type

scores

value	0.00489
scoring_system	epss
scoring_elements	0.65854
published_at	2026-06-04T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65907
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12448

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12448
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12448

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728564
reference_id	1728564
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728564

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id	929755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755

reference_url

https://security.archlinux.org/AVG-1007

reference_id

AVG-1007

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1007

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/4053-1/
reference_id	USN-4053-1
reference_type
scores
url	https://usn.ubuntu.com/4053-1/

fixed_packages

aliases

CVE-2019-12448

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-87tu-9917-7uca

url

VCID-cftv-ck6r-3ye6

vulnerability_id

VCID-cftv-ck6r-3ye6

summary

access restriction bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3825.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3825.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3825

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22715
published_at	2026-06-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22797
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3825

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3825
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3825

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1672825
reference_id	1672825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1672825

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921764
reference_id	921764
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921764

reference_url	https://security.archlinux.org/ASA-201903-3
reference_id	ASA-201903-3
reference_type
scores
url	https://security.archlinux.org/ASA-201903-3

reference_url

https://security.archlinux.org/AVG-879

reference_id

AVG-879

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-879

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/3892-1/
reference_id	USN-3892-1
reference_type
scores
url	https://usn.ubuntu.com/3892-1/

fixed_packages

aliases

CVE-2019-3825

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cftv-ck6r-3ye6

url

VCID-j6gg-u25d-m3gz

vulnerability_id

VCID-j6gg-u25d-m3gz

summary

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20337

reference_id

reference_type

scores

value	0.00363
scoring_system	epss
scoring_elements	0.58643
published_at	2026-06-04T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.5869
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20337

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661555
reference_id	1661555
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661555

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080
reference_id	917080
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

aliases

CVE-2018-20337

risk_score

1.5

exploitability

0.5

weighted_severity

3.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j6gg-u25d-m3gz

url

VCID-payc-kh4b-rbej

vulnerability_id

VCID-payc-kh4b-rbej

summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12447.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12447.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12447

reference_id

reference_type

scores

value	0.006
scoring_system	epss
scoring_elements	0.6984
published_at	2026-06-04T12:55:00Z

value	0.006
scoring_system	epss
scoring_elements	0.69879
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12447

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728562
reference_id	1728562
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id	929755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755

reference_url

https://security.archlinux.org/AVG-1007

reference_id

AVG-1007

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1007

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/4053-1/
reference_id	USN-4053-1
reference_type
scores
url	https://usn.ubuntu.com/4053-1/

fixed_packages

aliases

CVE-2019-12447

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-payc-kh4b-rbej

url

VCID-zqws-djs8-mye7

vulnerability_id

VCID-zqws-djs8-mye7

summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12449.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12449.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12449

reference_id

reference_type

scores

value	0.006
scoring_system	epss
scoring_elements	0.6984
published_at	2026-06-04T12:55:00Z

value	0.006
scoring_system	epss
scoring_elements	0.69879
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12449

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728567
reference_id	1728567
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728567

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id	929755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755

reference_url

https://security.archlinux.org/AVG-1007

reference_id

AVG-1007

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1007

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/4053-1/
reference_id	USN-4053-1
reference_type
scores
url	https://usn.ubuntu.com/4053-1/

fixed_packages

aliases

CVE-2019-12449

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zqws-djs8-mye7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libvncserver@0.9.11-14%3Farch=el8

Package Instance