Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/libtdb@1.3.8-1?arch=el7_1

Type rpm

Namespace redhat

Name libtdb

Version 1.3.8-1

Qualifiers

arch	el7_1

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-egeg-4ds7-d3d1

vulnerability_id

VCID-egeg-4ds7-d3d1

summary

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2118.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2118.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2118

reference_id

reference_type

scores

value	0.78522
scoring_system	epss
scoring_elements	0.99061
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2118

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1317990
reference_id	1317990
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1317990

reference_url	https://security.gentoo.org/glsa/201612-47
reference_id	GLSA-201612-47
reference_type
scores
url	https://security.gentoo.org/glsa/201612-47

reference_url	https://access.redhat.com/errata/RHSA-2016:0611
reference_id	RHSA-2016:0611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0611

reference_url	https://access.redhat.com/errata/RHSA-2016:0612
reference_id	RHSA-2016:0612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0612

reference_url	https://access.redhat.com/errata/RHSA-2016:0613
reference_id	RHSA-2016:0613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0613

reference_url	https://access.redhat.com/errata/RHSA-2016:0614
reference_id	RHSA-2016:0614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0614

reference_url	https://access.redhat.com/errata/RHSA-2016:0618
reference_id	RHSA-2016:0618
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0618

reference_url	https://access.redhat.com/errata/RHSA-2016:0619
reference_id	RHSA-2016:0619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0619

reference_url	https://access.redhat.com/errata/RHSA-2016:0620
reference_id	RHSA-2016:0620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0620

reference_url	https://access.redhat.com/errata/RHSA-2016:0621
reference_id	RHSA-2016:0621
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0621

reference_url	https://access.redhat.com/errata/RHSA-2016:0623
reference_id	RHSA-2016:0623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0623

reference_url	https://access.redhat.com/errata/RHSA-2016:0624
reference_id	RHSA-2016:0624
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0624

reference_url	https://access.redhat.com/errata/RHSA-2016:0625
reference_id	RHSA-2016:0625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0625

fixed_packages

aliases

CVE-2016-2118

risk_score

0.3

exploitability

0.5

weighted_severity

0.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-egeg-4ds7-d3d1

url VCID-enbr-g8ae-ubbc

vulnerability_id VCID-enbr-g8ae-ubbc

summary Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2113.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2113

reference_id

reference_type

scores

value	0.04197
scoring_system	epss
scoring_elements	0.88919
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1311910
reference_id	1311910
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1311910

reference_url	https://security.gentoo.org/glsa/201612-47
reference_id	GLSA-201612-47
reference_type
scores
url	https://security.gentoo.org/glsa/201612-47

reference_url	https://access.redhat.com/errata/RHSA-2016:0612
reference_id	RHSA-2016:0612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0612

reference_url	https://access.redhat.com/errata/RHSA-2016:0614
reference_id	RHSA-2016:0614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0614

reference_url	https://access.redhat.com/errata/RHSA-2016:0618
reference_id	RHSA-2016:0618
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0618

reference_url	https://access.redhat.com/errata/RHSA-2016:0620
reference_id	RHSA-2016:0620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0620

fixed_packages

aliases CVE-2016-2113

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enbr-g8ae-ubbc

url

VCID-yt92-mfwy-z7er

vulnerability_id

VCID-yt92-mfwy-z7er

summary

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2112.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2112.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2112

reference_id

reference_type

scores

value	0.16609
scoring_system	epss
scoring_elements	0.95043
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1311903
reference_id	1311903
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1311903

reference_url	https://security.gentoo.org/glsa/201612-47
reference_id	GLSA-201612-47
reference_type
scores
url	https://security.gentoo.org/glsa/201612-47

reference_url	https://access.redhat.com/errata/RHSA-2016:0611
reference_id	RHSA-2016:0611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0611

reference_url	https://access.redhat.com/errata/RHSA-2016:0612
reference_id	RHSA-2016:0612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0612

reference_url	https://access.redhat.com/errata/RHSA-2016:0613
reference_id	RHSA-2016:0613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0613

reference_url	https://access.redhat.com/errata/RHSA-2016:0614
reference_id	RHSA-2016:0614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0614

reference_url	https://access.redhat.com/errata/RHSA-2016:0618
reference_id	RHSA-2016:0618
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0618

reference_url	https://access.redhat.com/errata/RHSA-2016:0619
reference_id	RHSA-2016:0619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0619

reference_url	https://access.redhat.com/errata/RHSA-2016:0620
reference_id	RHSA-2016:0620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0620

reference_url	https://access.redhat.com/errata/RHSA-2016:0624
reference_id	RHSA-2016:0624
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0624

fixed_packages

aliases

CVE-2016-2112

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-yt92-mfwy-z7er

Fixing_vulnerabilities

Risk_score 0.3

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtdb@1.3.8-1%3Farch=el7_1

Package Instance