Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/164992?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/164992?format=api", "purl": "pkg:rpm/redhat/sun-txw2@20110809-5_redhat_2.ep6.el6?arch=3", "type": "rpm", "namespace": "redhat", "name": "sun-txw2", "version": "20110809-5_redhat_2.ep6.el6", "qualifiers": { "arch": "3" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113765?format=api", "vulnerability_id": "VCID-2nna-s9bv-sycc", "summary": "foreman: lack of SSL certificate validation when performing LDAPS authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44263", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208602", "reference_id": "1208602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208602" } ], "fixed_packages": [], "aliases": [ "CVE-2015-1816" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nna-s9bv-sycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43562?format=api", "vulnerability_id": "VCID-4xd2-1hb8-suds", "summary": "Improper Authentication in Apache CXF\nApache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04238", "scoring_system": "epss", "scoring_elements": "0.88966", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2378" }, { "reference_url": "http://secunia.com/advisories/51607", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/51607" }, { "reference_url": "https://github.com/apache/cxf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1337150", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1337150" }, { "reference_url": "http://www.securityfocus.com/bid/53880", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/53880" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=826533", "reference_id": "826533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=826533" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2378", "reference_id": "CVE-2012-2378", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2378" }, { "reference_url": "http://cxf.apache.org/cve-2012-2378.html", "reference_id": "CVE-2012-2378.HTML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://cxf.apache.org/cve-2012-2378.html" }, { "reference_url": "https://github.com/advisories/GHSA-vjpc-vf4f-82qg", "reference_id": "GHSA-vjpc-vf4f-82qg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjpc-vf4f-82qg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-2378", "GHSA-vjpc-vf4f-82qg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xd2-1hb8-suds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93337?format=api", "vulnerability_id": "VCID-5xzz-9qwp-cfds", "summary": "Oracle Mojarra 2.1.7 does not properly \"clean up\" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2672.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17963", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2672" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677194", "reference_id": "677194", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=829560", "reference_id": "829560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-2672" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xzz-9qwp-cfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114997?format=api", "vulnerability_id": "VCID-6xyc-eyb2-dfdy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42166", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-4550" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xyc-eyb2-dfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43615?format=api", "vulnerability_id": "VCID-b8zs-wt4g-c3fn", "summary": "XML Signature/Encryption Not Validated in Apache CXF\nApache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1593.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1593.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03752", "scoring_system": "epss", "scoring_elements": "0.88232", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2379" }, { "reference_url": "https://cxf.apache.org/cve-2012-2379.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cxf.apache.org/cve-2012-2379.html" }, { "reference_url": "https://github.com/apache/cxf", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf" }, { "reference_url": "https://github.com/apache/cxf/commit/440528d928be1e2030e7227b958c9c072847d9b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/440528d928be1e2030e7227b958c9c072847d9b2" }, { "reference_url": "https://github.com/apache/cxf/commit/4500bf901cb2a7312291b6663045f28a95d2a0c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/4500bf901cb2a7312291b6663045f28a95d2a0c4" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1338219", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/viewvc?view=revision&revision=1338219" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1338219", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=revision&revision=1338219" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=826534", "reference_id": "826534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=826534" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2379", "reference_id": "CVE-2012-2379", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2379" }, { "reference_url": "http://cxf.apache.org/cve-2012-2379.html", "reference_id": "CVE-2012-2379.HTML", "reference_type": "", "scores": [], "url": "http://cxf.apache.org/cve-2012-2379.html" }, { "reference_url": "https://github.com/advisories/GHSA-2g99-c67p-56hm", "reference_id": "GHSA-2g99-c67p-56hm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2g99-c67p-56hm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1559", "reference_id": "RHSA-2012:1559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1573", "reference_id": "RHSA-2012:1573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1593", "reference_id": "RHSA-2012:1593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-2379", "GHSA-2g99-c67p-56hm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8zs-wt4g-c3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114060?format=api", "vulnerability_id": "VCID-bumt-76s4-47da", "summary": "foreman: cross-site scripting (XSS) flaw in template preview screen", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60331", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3653" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145398", "reference_id": "1145398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145398" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3653" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bumt-76s4-47da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51033?format=api", "vulnerability_id": "VCID-f4m5-bj25-pbhy", "summary": "Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2687.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08268", "scoring_system": "epss", "scoring_elements": "0.92381", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2687" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=850794", "reference_id": "850794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850794" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2012-2687.json", "reference_id": "CVE-2012-2687", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2012-2687.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0130", "reference_id": "RHSA-2013:0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0512", "reference_id": "RHSA-2013:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0512" } ], "fixed_packages": [], "aliases": [ "CVE-2012-2687" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4m5-bj25-pbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114996?format=api", "vulnerability_id": "VCID-hjde-a3kr-pka8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32167", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-4549" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjde-a3kr-pka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37462?format=api", "vulnerability_id": "VCID-hnc9-jpuu-vfac", "summary": "SOAPAction spoofing on document literal web services\nThis package allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09969", "scoring_system": "epss", "scoring_elements": "0.93177", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734" }, { "reference_url": "https://github.com/apache/cxf", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf" }, { "reference_url": "https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897" }, { "reference_url": "https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a" }, { "reference_url": "https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554" }, { "reference_url": "https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1368559", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1368559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "reference_id": "CVE-2012-3451", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" }, { "reference_url": "http://cxf.apache.org/cve-2012-3451.html", "reference_id": "CVE-2012-3451.HTML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://cxf.apache.org/cve-2012-3451.html" }, { "reference_url": "https://github.com/advisories/GHSA-55j7-f5wf-43m4", "reference_id": "GHSA-55j7-f5wf-43m4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-55j7-f5wf-43m4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0256", "reference_id": "RHSA-2013:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0257", "reference_id": "RHSA-2013:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0258", "reference_id": "RHSA-2013:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0259", "reference_id": "RHSA-2013:0259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0726", "reference_id": "RHSA-2013:0726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0743", "reference_id": "RHSA-2013:0743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0743" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3451", "GHSA-55j7-f5wf-43m4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnc9-jpuu-vfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113555?format=api", "vulnerability_id": "VCID-m7u7-uh4a-8yhe", "summary": "foreman: edit_users permission allows changing of admin passwords", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68959", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3235" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366", "reference_id": "1232366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366" } ], "fixed_packages": [], "aliases": [ "CVE-2015-3235" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7u7-uh4a-8yhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113707?format=api", "vulnerability_id": "VCID-qjt7-u7kg-4kb9", "summary": "foreman: API not scoping resources to taxonomies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49702", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1844" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207589", "reference_id": "1207589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207589" } ], "fixed_packages": [], "aliases": [ "CVE-2015-1844" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjt7-u7kg-4kb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113626?format=api", "vulnerability_id": "VCID-r6rk-smsu-m7d5", "summary": "foreman: the _session_id cookie is issued without the Secure flag", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0056", "scoring_system": "epss", "scoring_elements": "0.68622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3155" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216035", "reference_id": "1216035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216035" } ], "fixed_packages": [], "aliases": [ "CVE-2015-3155" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6rk-smsu-m7d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58679?format=api", "vulnerability_id": "VCID-rn31-x2tg-qubx", "summary": "Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52581", "scoring_system": "epss", "scoring_elements": "0.97991", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0455" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=850794", "reference_id": "850794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850794" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31052.java", "reference_id": "CVE-2008-0455;OSVDB-41019", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31052.java" }, { "reference_url": "https://www.securityfocus.com/bid/27409/info", "reference_id": "CVE-2008-0455;OSVDB-41019", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/27409/info" }, { "reference_url": "https://security.gentoo.org/glsa/200803-19", "reference_id": "GLSA-200803-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0130", "reference_id": "RHSA-2013:0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0512", "reference_id": "RHSA-2013:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0512" } ], "fixed_packages": [], "aliases": [ "CVE-2008-0455" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rn31-x2tg-qubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111878?format=api", "vulnerability_id": "VCID-rpkt-unr6-6fbr", "summary": "User confusion in IronJacamar\nThe IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3428.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3428.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68169", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3428" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843358", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843358" }, { "reference_url": "http://secunia.com/advisories/51607", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/51607" }, { "reference_url": "https://issues.jboss.org/browse/JBJCA-864", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/JBJCA-864" }, { "reference_url": "https://issues.jboss.org/browse/JBPAPP-9584", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/JBPAPP-9584" }, { "reference_url": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3428", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1591", "reference_id": "RHSA-2012:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1592", "reference_id": "RHSA-2012:1592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3428", "GHSA-ppg2-ww3w-hq84" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpkt-unr6-6fbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34882?format=api", "vulnerability_id": "VCID-sfq1-wcc6-jkdt", "summary": "The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1592" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4346", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4346" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.663", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4346" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007746" }, { "reference_url": "https://github.com/joestump/python-oauth2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/joestump/python-oauth2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml" }, { "reference_url": "https://github.com/simplegeo/python-oauth2/issues/129", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplegeo/python-oauth2/issues/129" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4346", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4346" }, { "reference_url": "https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/09/12/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/09/12/7" }, { "reference_url": "http://www.securityfocus.com/bid/62386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/62386" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4346", "GHSA-4433-4cxq-vv73", "PYSEC-2014-85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfq1-wcc6-jkdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114111?format=api", "vulnerability_id": "VCID-u4r1-a2p1-q7cm", "summary": "rhn_satellite_6: cross-site request forgery (CSRF) can force logout", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47631", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3590" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128108", "reference_id": "1128108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128108" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3590" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4r1-a2p1-q7cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34883?format=api", "vulnerability_id": "VCID-y65f-py17-z7d5", "summary": "The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1592" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4347", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4347" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62974", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4347" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007758", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007758" }, { "reference_url": "https://github.com/joestump/python-oauth2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/joestump/python-oauth2" }, { "reference_url": "https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml" }, { "reference_url": "https://github.com/simplegeo/python-oauth2/issues/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplegeo/python-oauth2/issues/9" }, { "reference_url": "https://github.com/simplegeo/python-oauth2/pull/146", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplegeo/python-oauth2/pull/146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4347", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4347" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/09/12/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/09/12/7" }, { "reference_url": "http://www.securityfocus.com/bid/62388", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/62388" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4347", "GHSA-rv8h-p43r-4x5r", "PYSEC-2014-86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y65f-py17-z7d5" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/sun-txw2@20110809-5_redhat_2.ep6.el6%3Farch=3" }