Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/146142?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/146142?format=api", "purl": "pkg:rpm/redhat/tfm-rubygem-hammer_cli_foreman@0.11.0.5-1?arch=el7sat", "type": "rpm", "namespace": "redhat", "name": "tfm-rubygem-hammer_cli_foreman", "version": "0.11.0.5-1", "qualifiers": { "arch": "el7sat" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38117?format=api", "vulnerability_id": "VCID-1qgk-p79g-y7gx", "summary": "Information disclosure vulnerability\nsafemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.", "references": [ { "reference_url": "http://projects.theforeman.org/issues/14635", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.theforeman.org/issues/14635" }, { "reference_url": "http://rubysec.com/advisories/CVE-2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rubysec.com/advisories/CVE-2016-3693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.73043", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72999", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.73036", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3693" }, { "reference_url": "http://seclists.org/oss-sec/2016/q2/119", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q2/119" }, { "reference_url": "https://github.com/svenfuchs/safemode", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/safemode" }, { "reference_url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f" }, { "reference_url": 
"https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2" }, { "reference_url": "http://theforeman.org/security.html#2016-3693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://theforeman.org/security.html#2016-3693" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/20/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471", "reference_id": "1327471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471" }, { "reference_url": "http://rubysec.com/advisories/CVE-2016-3693/", "reference_id": "CVE-2016-3693", "reference_type": "", "scores": [], "url": "http://rubysec.com/advisories/CVE-2016-3693/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3693", "reference_id": "CVE-2016-3693", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-3693" }, { "reference_url": "https://github.com/advisories/GHSA-c92m-rrrc-q5wf", "reference_id": "GHSA-c92m-rrrc-q5wf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c92m-rrrc-q5wf" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3693", "GHSA-c92m-rrrc-q5wf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qgk-p79g-y7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112834?format=api", "vulnerability_id": "VCID-4gqc-k7e5-hqg1", "summary": "foreman: Stored XSS via organization/location with HTML in name", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8639", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69331", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69371", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69379", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8639" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393291", "reference_id": "1393291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393291" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8639" ], "risk_score": 2.8, 
"exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gqc-k7e5-hqg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112386?format=api", "vulnerability_id": "VCID-4qfx-t8sf-h7g8", "summary": "foreman: Information leak through organizations and locations feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55006", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55015", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386244", "reference_id": "1386244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386244" } ], "fixed_packages": [], "aliases": [ "CVE-2016-7078" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfx-t8sf-h7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112179?format=api", "vulnerability_id": "VCID-7rea-ykng-bkb9", "summary": "foreman-debug: missing obfuscation of sensitive information", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44407", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44475", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44483", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9593" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406384", "reference_id": "1406384", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406384" } ], "fixed_packages": [], "aliases": [ "CVE-2016-9593" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rea-ykng-bkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112288?format=api", "vulnerability_id": "VCID-8wsh-3yq1-7bcp", "summary": "foreman: Stored XSS in org/loc wizard", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8634", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.00328", "scoring_system": "epss", "scoring_elements": "0.55945", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56006", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8634" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520", "reference_id": "1391520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8634" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wsh-3yq1-7bcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111970?format=api", "vulnerability_id": "VCID-99nt-74qr-t3ds", "summary": "foreman: Image password leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38639", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38733", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2672" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1439537", "reference_id": "1439537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439537" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2672" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99nt-74qr-t3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112597?format=api", "vulnerability_id": "VCID-baj4-m886-yufd", "summary": "foreman: Persistent XSS in Foreman remote execution plugin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.73123", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.73161", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.73167", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365815", "reference_id": "1365815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365815" } ], "fixed_packages": [], "aliases": [ "CVE-2016-6319" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-baj4-m886-yufd" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/40518?format=api", "vulnerability_id": "VCID-e8ue-zdcp-v3a4", "summary": "SQL Injection\nAn SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2018-14623" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33466", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", 
"scoring_elements": "0.33482", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623" }, { "reference_url": "https://github.com/Katello/katello", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Katello/katello" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml" }, { "reference_url": "https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224" }, { "reference_url": "http://www.securityfocus.com/bid/106224", "reference_id": 
"", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106224" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719", "reference_id": "1623719", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14623", "reference_id": "CVE-2018-14623", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14623" }, { "reference_url": "https://github.com/advisories/GHSA-527r-mfmj-prqf", "reference_id": "GHSA-527r-mfmj-prqf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-527r-mfmj-prqf" }, { "reference_url": "https://github.com/advisories/GHSA-jx5v-788g-qw58", "reference_id": "GHSA-jx5v-788g-qw58", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx5v-788g-qw58" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14623", "GHSA-jx5v-788g-qw58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ue-zdcp-v3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112922?format=api", "vulnerability_id": "VCID-jqeh-9azg-vffw", "summary": "pulp: Leakage 
of CA key in pulp-qpid-ssl-cfg", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16949", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17028", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17024", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930", "reference_id": "1328930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3696" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqeh-9azg-vffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112886?format=api", "vulnerability_id": "VCID-mj5s-ce9z-97d3", "summary": "pulp: Unsafe use of bash $RANDOM for NSS DB password and seed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2016-3704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68112", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264", "reference_id": "1330264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3704" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj5s-ce9z-97d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39466?format=api", "vulnerability_id": "VCID-mkgv-azrx-6yer", "summary": "Improper Certificate Validation\nHammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. 
As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.", "references": [ { "reference_url": "http://projects.theforeman.org/issues/19033", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.theforeman.org/issues/19033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29131", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml" }, { "reference_url": "https://github.com/theforeman/hammer-cli-foreman", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/theforeman/hammer-cli-foreman" }, { "reference_url": "https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153" }, { "reference_url": "http://www.securityfocus.com/bid/97153", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/97153" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-2667", "reference_id": "CVE-2017-2667", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2667" }, { "reference_url": "https://github.com/advisories/GHSA-77h8-xr85-3x5q", "reference_id": "GHSA-77h8-xr85-3x5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77h8-xr85-3x5q" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2667", "GHSA-77h8-xr85-3x5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkgv-azrx-6yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112175?format=api", "vulnerability_id": "VCID-ngns-8m65-8fgm", "summary": "katello-debug: Possible symlink attacks due to use of predictable file names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13193", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13196", "published_at": "2026-06-06T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2016-9595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406729", "reference_id": "1406729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406729" } ], "fixed_packages": [], "aliases": [ "CVE-2016-9595" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngns-8m65-8fgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112390?format=api", "vulnerability_id": "VCID-nyhv-pmy1-aqgn", "summary": "foreman: Foreman information leak through unauthorized multiple_checkboxes helper", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48593", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48656", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48665", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385777", "reference_id": "1385777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385777" } ], "fixed_packages": [], "aliases": [ "CVE-2016-7077" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyhv-pmy1-aqgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37613?format=api", "vulnerability_id": "VCID-qjub-b93r-zfad", "summary": "XSS vulnerability in generated pagination links\nThe package will_paginate generates pagination links without escaping the result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49365", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49293", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49355", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459" }, { "reference_url": "https://github.com/mislav/will_paginate", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mislav/will_paginate" }, { "reference_url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5" }, { "reference_url": "https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459" }, { "reference_url": "https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046642", "reference_id": "1046642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209", "reference_id": "733209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209" }, { "reference_url": "https://github.com/advisories/GHSA-8r6h-7x9g-xmw9", "reference_id": "GHSA-8r6h-7x9g-xmw9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r6h-7x9g-xmw9" } ], "fixed_packages": [], "aliases": [ "CVE-2013-6459", 
"GHSA-8r6h-7x9g-xmw9", "OSV-101138" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjub-b93r-zfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112740?format=api", "vulnerability_id": "VCID-qykc-fd8z-b7aa", "summary": "foreman: inside discovery-debug, the root password is displayed in plaintext", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12303", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12386", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12385", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349136", "reference_id": "1349136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349136" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4996" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qykc-fd8z-b7aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111025?format=api", "vulnerability_id": "VCID-rzgz-2u1r-vfd6", "summary": "Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.8204", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01602", "scoring_system": "epss", "scoring_elements": "0.82074", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15699" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512724", "reference_id": "1512724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512724" } ], "fixed_packages": [], "aliases": [ "CVE-2017-15699" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzgz-2u1r-vfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112739?format=api", "vulnerability_id": "VCID-sjqy-qthq-jfdc", "summary": "foreman: Information disclosure in provisioning template previews", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53502", 
"published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53562", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53571", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939", "reference_id": "1348939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4995" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjqy-qthq-jfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95259?format=api", "vulnerability_id": "VCID-t96j-881u-rfdr", "summary": "The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82203", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82231", "published_at": "2026-06-05T12:55:00Z" }, { "value": 
"0.01626", "scoring_system": "epss", "scoring_elements": "0.82232", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449", "reference_id": "1335449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449" }, { "reference_url": "https://security.gentoo.org/glsa/201605-02", "reference_id": "GLSA-201605-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1080", "reference_id": "RHSA-2016:1080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0879", "reference_id": "RHSA-2017:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0880", "reference_id": "RHSA-2017:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0881", "reference_id": "RHSA-2017:0881", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2017:0881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0882", "reference_id": "RHSA-2017:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0882" }, { "reference_url": "https://usn.ubuntu.com/2960-1/", "reference_id": "USN-2960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2960-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-1669" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t96j-881u-rfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98792?format=api", "vulnerability_id": "VCID-wqeh-3r7d-7ffz", "summary": "Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. 
This change constrains the format of data on the wire to PSON or safely decoded YAML.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01449", "scoring_system": "epss", "scoring_elements": "0.81116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01449", "scoring_system": "epss", "scoring_elements": "0.81143", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01449", "scoring_system": "epss", "scoring_elements": "0.81147", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651", "reference_id": "1452651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212", "reference_id": "863212", "reference_type": "", 
"scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-2295" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqeh-3r7d-7ffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112343?format=api", "vulnerability_id": "VCID-wxck-e2pc-aqdv", "summary": "foreman: Stored XSS vulnerability in remote execution plugin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73213", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7325", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73256", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8613" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232", "reference_id": "1387232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232" } ], "fixed_packages": [], "aliases": 
[ "CVE-2016-8613" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxck-e2pc-aqdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112804?format=api", "vulnerability_id": "VCID-xa2e-pjyk-6kb6", "summary": "foreman: privilege escalation through Organization and Locations API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34212", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34228", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889", "reference_id": "1339889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889" } ], "fixed_packages": [], "aliases": [ "CVE-2016-4451" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2e-pjyk-6kb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111608?format=api", "vulnerability_id": "VCID-yphv-jrpk-2yg7", "summary": "foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35702", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35797", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35807", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480886", "reference_id": "1480886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480886" } ], "fixed_packages": [], "aliases": [ "CVE-2014-8183" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yphv-jrpk-2yg7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-hammer_cli_foreman@0.11.0.5-1%3Farch=el7sat" }