Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/tfm-rubygem-hammer_cli@0.11.0.1-1?arch=el7sat
Type rpm
Namespace redhat
Name tfm-rubygem-hammer_cli
Version 0.11.0.1-1
Qualifiers
arch el7sat
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1qgk-p79g-y7gx
vulnerability_id VCID-1qgk-p79g-y7gx
summary
Information disclosure vulnerability
safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
references
0
reference_url http://projects.theforeman.org/issues/14635
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://projects.theforeman.org/issues/14635
1
reference_url http://rubysec.com/advisories/CVE-2016-3693
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rubysec.com/advisories/CVE-2016-3693
2
reference_url https://access.redhat.com/errata/RHSA-2018:0336
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0336
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3693
reference_id
reference_type
scores
0
value 0.00728
scoring_system epss
scoring_elements 0.73036
published_at 2026-06-05T12:55:00Z
1
value 0.00728
scoring_system epss
scoring_elements 0.72999
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3693
5
reference_url http://seclists.org/oss-sec/2016/q2/119
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
url http://seclists.org/oss-sec/2016/q2/119
6
reference_url https://github.com/svenfuchs/safemode
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/svenfuchs/safemode
7
reference_url https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
8
reference_url https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
9
reference_url http://theforeman.org/security.html#2016-3693
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://theforeman.org/security.html#2016-3693
10
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/04/20/8
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1327471
reference_id 1327471
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1327471
12
reference_url http://rubysec.com/advisories/CVE-2016-3693/
reference_id CVE-2016-3693
reference_type
scores
url http://rubysec.com/advisories/CVE-2016-3693/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3693
reference_id CVE-2016-3693
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3693
14
reference_url https://github.com/advisories/GHSA-c92m-rrrc-q5wf
reference_id GHSA-c92m-rrrc-q5wf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c92m-rrrc-q5wf
fixed_packages
aliases CVE-2016-3693, GHSA-c92m-rrrc-q5wf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qgk-p79g-y7gx
1
url VCID-4gqc-k7e5-hqg1
vulnerability_id VCID-4gqc-k7e5-hqg1
summary foreman: Stored XSS via organization/location with HTML in name
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8639
reference_id
reference_type
scores
0
value 0.00582
scoring_system epss
scoring_elements 0.69331
published_at 2026-06-04T12:55:00Z
1
value 0.00582
scoring_system epss
scoring_elements 0.69371
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8639
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1393291
reference_id 1393291
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1393291
fixed_packages
aliases CVE-2016-8639
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gqc-k7e5-hqg1
2
url VCID-4qfx-t8sf-h7g8
vulnerability_id VCID-4qfx-t8sf-h7g8
summary foreman: Information leak through organizations and locations feature
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7078
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.54948
published_at 2026-06-04T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.55006
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7078
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1386244
reference_id 1386244
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1386244
fixed_packages
aliases CVE-2016-7078
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfx-t8sf-h7g8
3
url VCID-7rea-ykng-bkb9
vulnerability_id VCID-7rea-ykng-bkb9
summary foreman-debug: missing obfuscation of sensitive information
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9593
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44407
published_at 2026-06-04T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44475
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9593
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406384
reference_id 1406384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406384
fixed_packages
aliases CVE-2016-9593
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rea-ykng-bkb9
4
url VCID-8wsh-3yq1-7bcp
vulnerability_id VCID-8wsh-3yq1-7bcp
summary foreman: Stored XSS in org/loc wizard
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8634
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55945
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8634
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1391520
reference_id 1391520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1391520
fixed_packages
aliases CVE-2016-8634
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wsh-3yq1-7bcp
5
url VCID-99nt-74qr-t3ds
vulnerability_id VCID-99nt-74qr-t3ds
summary foreman: Image password leak
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2672
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38639
published_at 2026-06-04T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38729
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2672
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1439537
reference_id 1439537
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1439537
fixed_packages
aliases CVE-2017-2672
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99nt-74qr-t3ds
6
url VCID-baj4-m886-yufd
vulnerability_id VCID-baj4-m886-yufd
summary foreman: Persistent XSS in Foreman remote execution plugin
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6319
reference_id
reference_type
scores
0
value 0.00734
scoring_system epss
scoring_elements 0.73123
published_at 2026-06-04T12:55:00Z
1
value 0.00734
scoring_system epss
scoring_elements 0.73161
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6319
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1365815
reference_id 1365815
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1365815
fixed_packages
aliases CVE-2016-6319
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-baj4-m886-yufd
7
url VCID-e8ue-zdcp-v3a4
vulnerability_id VCID-e8ue-zdcp-v3a4
summary
SQL Injection
An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0336
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0336
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json
2
reference_url https://access.redhat.com/security/cve/CVE-2018-14623
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2018-14623
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14623
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33364
published_at 2026-06-04T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33466
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14623
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
5
reference_url https://github.com/Katello/katello
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml
7
reference_url https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
8
reference_url http://www.securityfocus.com/bid/106224
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106224
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1623719
reference_id 1623719
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1623719
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14623
reference_id CVE-2018-14623
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14623
11
reference_url https://github.com/advisories/GHSA-527r-mfmj-prqf
reference_id GHSA-527r-mfmj-prqf
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-527r-mfmj-prqf
12
reference_url https://github.com/advisories/GHSA-jx5v-788g-qw58
reference_id GHSA-jx5v-788g-qw58
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx5v-788g-qw58
fixed_packages
aliases CVE-2018-14623, GHSA-jx5v-788g-qw58
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ue-zdcp-v3a4
8
url VCID-jqeh-9azg-vffw
vulnerability_id VCID-jqeh-9azg-vffw
summary pulp: Leakage of CA key in pulp-qpid-ssl-cfg
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3696
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16949
published_at 2026-06-04T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.17028
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3696
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1328930
reference_id 1328930
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1328930
fixed_packages
aliases CVE-2016-3696
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqeh-9azg-vffw
9
url VCID-mj5s-ce9z-97d3
vulnerability_id VCID-mj5s-ce9z-97d3
summary pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3704
reference_id
reference_type
scores
0
value 0.00543
scoring_system epss
scoring_elements 0.68073
published_at 2026-06-04T12:55:00Z
1
value 0.00543
scoring_system epss
scoring_elements 0.68112
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3704
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1330264
reference_id 1330264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1330264
fixed_packages
aliases CVE-2016-3704
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mj5s-ce9z-97d3
10
url VCID-mkgv-azrx-6yer
vulnerability_id VCID-mkgv-azrx-6yer
summary
Improper Certificate Validation
Hammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
references
0
reference_url http://projects.theforeman.org/issues/19033
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://projects.theforeman.org/issues/19033
1
reference_url https://access.redhat.com/errata/RHSA-2018:0336
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0336
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2667
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29131
published_at 2026-06-05T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.2906
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2667
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1436262
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml
6
reference_url https://github.com/theforeman/hammer-cli-foreman
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/theforeman/hammer-cli-foreman
7
reference_url https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153
8
reference_url http://www.securityfocus.com/bid/97153
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97153
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2667
reference_id CVE-2017-2667
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2667
10
reference_url https://github.com/advisories/GHSA-77h8-xr85-3x5q
reference_id GHSA-77h8-xr85-3x5q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77h8-xr85-3x5q
fixed_packages
aliases CVE-2017-2667, GHSA-77h8-xr85-3x5q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkgv-azrx-6yer
11
url VCID-ngns-8m65-8fgm
vulnerability_id VCID-ngns-8m65-8fgm
summary katello-debug: Possible symlink attacks due to use of predictable file names
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9595
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13115
published_at 2026-06-04T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13193
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9595
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406729
reference_id 1406729
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406729
fixed_packages
aliases CVE-2016-9595
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngns-8m65-8fgm
12
url VCID-nyhv-pmy1-aqgn
vulnerability_id VCID-nyhv-pmy1-aqgn
summary foreman: Foreman information leak through unauthorized multiple_checkboxes helper
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7077
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48593
published_at 2026-06-04T12:55:00Z
1
value 0.00251
scoring_system epss
scoring_elements 0.48656
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7077
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1385777
reference_id 1385777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1385777
fixed_packages
aliases CVE-2016-7077
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyhv-pmy1-aqgn
13
url VCID-qjub-b93r-zfad
vulnerability_id VCID-qjub-b93r-zfad
summary
XSS vulnerability in generated pagination links
The will_paginate package generates pagination links without escaping the result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0336
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0336
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6459
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49293
published_at 2026-06-04T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49355
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6459
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459
4
reference_url https://github.com/mislav/will_paginate
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mislav/will_paginate
5
reference_url https://github.com/mislav/will_paginate/releases/tag/v3.0.5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mislav/will_paginate/releases/tag/v3.0.5
6
reference_url https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6459
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6459
8
reference_url https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1046642
reference_id 1046642
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1046642
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209
reference_id 733209
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209
11
reference_url https://github.com/advisories/GHSA-8r6h-7x9g-xmw9
reference_id GHSA-8r6h-7x9g-xmw9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r6h-7x9g-xmw9
fixed_packages
aliases CVE-2013-6459, GHSA-8r6h-7x9g-xmw9, OSV-101138
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjub-b93r-zfad
14
url VCID-qykc-fd8z-b7aa
vulnerability_id VCID-qykc-fd8z-b7aa
summary foreman: inside discovery-debug, the root password is displayed in plaintext
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4996
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12303
published_at 2026-06-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12386
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4996
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1349136
reference_id 1349136
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1349136
fixed_packages
aliases CVE-2016-4996
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qykc-fd8z-b7aa
15
url VCID-rzgz-2u1r-vfd6
vulnerability_id VCID-rzgz-2u1r-vfd6
summary Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15699
reference_id
reference_type
scores
0
value 0.01602
scoring_system epss
scoring_elements 0.8204
published_at 2026-06-04T12:55:00Z
1
value 0.01602
scoring_system epss
scoring_elements 0.82074
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15699
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1512724
reference_id 1512724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1512724
fixed_packages
aliases CVE-2017-15699
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzgz-2u1r-vfd6
16
url VCID-sjqy-qthq-jfdc
vulnerability_id VCID-sjqy-qthq-jfdc
summary foreman: Information disclosure in provisioning template previews
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4995
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53502
published_at 2026-06-04T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53562
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4995
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348939
reference_id 1348939
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1348939
fixed_packages
aliases CVE-2016-4995
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjqy-qthq-jfdc
17
url VCID-t96j-881u-rfdr
vulnerability_id VCID-t96j-881u-rfdr
summary The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1669
reference_id
reference_type
scores
0
value 0.01626
scoring_system epss
scoring_elements 0.82203
published_at 2026-06-04T12:55:00Z
1
value 0.01626
scoring_system epss
scoring_elements 0.82231
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1669
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694
30
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695
31
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1335449
reference_id 1335449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1335449
33
reference_url https://security.gentoo.org/glsa/201605-02
reference_id GLSA-201605-02
reference_type
scores
url https://security.gentoo.org/glsa/201605-02
34
reference_url https://access.redhat.com/errata/RHSA-2016:1080
reference_id RHSA-2016:1080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1080
35
reference_url https://access.redhat.com/errata/RHSA-2017:0002
reference_id RHSA-2017:0002
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0002
36
reference_url https://access.redhat.com/errata/RHSA-2017:0879
reference_id RHSA-2017:0879
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0879
37
reference_url https://access.redhat.com/errata/RHSA-2017:0880
reference_id RHSA-2017:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0880
38
reference_url https://access.redhat.com/errata/RHSA-2017:0881
reference_id RHSA-2017:0881
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0881
39
reference_url https://access.redhat.com/errata/RHSA-2017:0882
reference_id RHSA-2017:0882
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0882
40
reference_url https://usn.ubuntu.com/2960-1/
reference_id USN-2960-1
reference_type
scores
url https://usn.ubuntu.com/2960-1/
fixed_packages
aliases CVE-2016-1669
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t96j-881u-rfdr
18
url VCID-wqeh-3r7d-7ffz
vulnerability_id VCID-wqeh-3r7d-7ffz
summary Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2295
reference_id
reference_type
scores
0
value 0.01449
scoring_system epss
scoring_elements 0.81116
published_at 2026-06-04T12:55:00Z
1
value 0.01449
scoring_system epss
scoring_elements 0.81143
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2295
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:C/I:C/A:C
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452651
reference_id 1452651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452651
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212
reference_id 863212
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212
6
reference_url https://usn.ubuntu.com/3308-1/
reference_id USN-3308-1
reference_type
scores
url https://usn.ubuntu.com/3308-1/
7
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
aliases CVE-2017-2295
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqeh-3r7d-7ffz
19
url VCID-wxck-e2pc-aqdv
vulnerability_id VCID-wxck-e2pc-aqdv
summary foreman: Stored XSS vulnerability in remote execution plugin
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8613
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73213
published_at 2026-06-04T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.7325
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8613
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1387232
reference_id 1387232
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1387232
fixed_packages
aliases CVE-2016-8613
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxck-e2pc-aqdv
20
url VCID-xa2e-pjyk-6kb6
vulnerability_id VCID-xa2e-pjyk-6kb6
summary foreman: privilege escalation through Organization and Locations API
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4451
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34113
published_at 2026-06-04T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34212
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4451
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1339889
reference_id 1339889
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1339889
fixed_packages
aliases CVE-2016-4451
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2e-pjyk-6kb6
21
url VCID-yphv-jrpk-2yg7
vulnerability_id VCID-yphv-jrpk-2yg7
summary foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8183
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35702
published_at 2026-06-04T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.35797
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8183
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480886
reference_id 1480886
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480886
fixed_packages
aliases CVE-2014-8183
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yphv-jrpk-2yg7
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-hammer_cli@0.11.0.1-1%3Farch=el7sat