Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/176922?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/176922?format=api", "purl": "pkg:rpm/redhat/php@5.4.16-23?arch=el7_0", "type": "rpm", "namespace": "redhat", "name": "php", "version": "5.4.16-23", "qualifiers": { "arch": "el7_0" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114197?format=api", "vulnerability_id": "VCID-4tr4-kyyh-qfbd", "summary": "php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48662", "scoring_system": "epss", "scoring_elements": "0.97808", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.48662", "scoring_system": "epss", "scoring_elements": "0.97812", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112154", "reference_id": "1112154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3515" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr4-kyyh-qfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67896?format=api", "vulnerability_id": "VCID-84y5-7hge-vbhn", "summary": "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03336", "scoring_system": "epss", "scoring_elements": "0.8754", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03336", "scoring_system": "epss", "scoring_elements": "0.87519", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "http://mx.gw.com/pipermail/file/2014/001553.html", "reference_id": "001553.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104858", "reference_id": "1104858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104858" }, { "reference_url": "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382", "reference_id": "40bade80cbe2af1d0b2cd0420cebd5d5905a2382", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382" }, { "reference_url": "http://secunia.com/advisories/59794", "reference_id": "59794", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://secunia.com/advisories/59794" }, { "reference_url": "http://secunia.com/advisories/59831", "reference_id": "59831", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://secunia.com/advisories/59831" }, { "reference_url": "http://www.securityfocus.com/bid/68238", "reference_id": "68238", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://www.securityfocus.com/bid/68238" }, { "reference_url": "https://bugs.php.net/bug.php?id=67412", "reference_id": "bug.php?id=67412", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "https://bugs.php.net/bug.php?id=67412" }, { "reference_url": "http://www.php.net/ChangeLog-5.php", "reference_id": "ChangeLog-5.php", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://www.php.net/ChangeLog-5.php" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2974", "reference_id": "dsa-2974", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3021", "reference_id": "dsa-3021", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "reference_url": "https://support.apple.com/HT204659", "reference_id": "HT204659", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "https://support.apple.com/HT204659" }, { "reference_url": "http://support.apple.com/kb/HT6443", "reference_id": "HT6443", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://support.apple.com/kb/HT6443" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html", "reference_id": "msg00046.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1606", "reference_id": "RHSA-2014:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html", "reference_id": "RHSA-2014-1765.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html", "reference_id": "RHSA-2014-1766.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" }, { "reference_url": "https://usn.ubuntu.com/2278-1/", "reference_id": "USN-2278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2278-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3480" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84y5-7hge-vbhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67895?format=api", "vulnerability_id": "VCID-avrk-szvf-13av", "summary": "The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05923", "scoring_system": "epss", "scoring_elements": "0.90782", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05923", "scoring_system": "epss", "scoring_elements": "0.90796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104869", "reference_id": "1104869", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1606", "reference_id": "RHSA-2014:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" }, { "reference_url": "https://usn.ubuntu.com/2278-1/", "reference_id": "USN-2278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2278-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3479" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avrk-szvf-13av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114222?format=api", "vulnerability_id": "VCID-ed1v-hdew-4qfj", "summary": "php: heap-based buffer overflow in DNS TXT record parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30666", "scoring_system": "epss", "scoring_elements": "0.96812", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.30666", "scoring_system": "epss", "scoring_elements": "0.96817", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447", "reference_id": "1108447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://usn.ubuntu.com/2254-1/", "reference_id": "USN-2254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2254-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-4049" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed1v-hdew-4qfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67897?format=api", "vulnerability_id": "VCID-k6m7-rzf9-a3hy", "summary": "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14502", "scoring_system": "epss", "scoring_elements": "0.94576", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14502", "scoring_system": "epss", "scoring_elements": "0.94584", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107544", "reference_id": "1107544", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" }, { "reference_url": "https://usn.ubuntu.com/2278-1/", "reference_id": "USN-2278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2278-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3487" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m7-rzf9-a3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67890?format=api", "vulnerability_id": "VCID-mwnw-synf-fbc1", "summary": "The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2611", "scoring_system": "epss", "scoring_elements": "0.96387", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2611", "scoring_system": "epss", "scoring_elements": "0.96392", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098193", "reference_id": "1098193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098193" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1606", "reference_id": "RHSA-2014:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2254-1/", "reference_id": "USN-2254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2254-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0237" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwnw-synf-fbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67887?format=api", "vulnerability_id": "VCID-scd1-g67x-3ybp", "summary": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.7864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78667", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079846", "reference_id": "1079846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079846" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993", "reference_id": "703993", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "reference_url": "https://security.gentoo.org/glsa/201408-08", "reference_id": "GLSA-201408-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-08" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://usn.ubuntu.com/2278-1/", "reference_id": "USN-2278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2278-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-7345" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scd1-g67x-3ybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114214?format=api", "vulnerability_id": "VCID-wmyz-1bey-bfde", "summary": "php: type confusion issue in phpinfo() leading to information leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09887", "scoring_system": "epss", "scoring_elements": "0.9314", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09887", "scoring_system": "epss", "scoring_elements": "0.93151", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116662", "reference_id": "1116662", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-4721" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyz-1bey-bfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67891?format=api", "vulnerability_id": "VCID-xvxf-js9u-yyff", "summary": "The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24474", "scoring_system": "epss", "scoring_elements": "0.96216", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24474", "scoring_system": "epss", "scoring_elements": "0.96221", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098155", "reference_id": "1098155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098155" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1012", "reference_id": "RHSA-2014:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1606", "reference_id": "RHSA-2014:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2254-1/", "reference_id": "USN-2254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2254-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0238" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxf-js9u-yyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67888?format=api", "vulnerability_id": "VCID-zqdy-kvwk-3ubd", "summary": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09377", "scoring_system": "epss", "scoring_elements": "0.92932", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09377", "scoring_system": "epss", "scoring_elements": "0.92943", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721" }, { "reference_url": "http://mx.gw.com/pipermail/file/2014/001553.html", "reference_id": "001553.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842", "reference_id": "1091842", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" }, { "reference_url": "http://secunia.com/advisories/59794", "reference_id": "59794", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://secunia.com/advisories/59794" }, { "reference_url": "http://secunia.com/advisories/59831", "reference_id": "59831", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://secunia.com/advisories/59831" }, { "reference_url": "http://www.securityfocus.com/bid/68243", "reference_id": "68243", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://www.securityfocus.com/bid/68243" }, { "reference_url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391", "reference_id": "6d209c1c489457397a5763bca4b28e43aac90391", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" }, { "reference_url": "https://bugs.php.net/bug.php?id=67326", "reference_id": "bug.php?id=67326", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "https://bugs.php.net/bug.php?id=67326" }, { "reference_url": "http://www.php.net/ChangeLog-5.php", "reference_id": "ChangeLog-5.php", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://www.php.net/ChangeLog-5.php" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2974", "reference_id": "dsa-2974", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3021", "reference_id": "dsa-3021", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "reference_url": "https://support.apple.com/HT204659", "reference_id": "HT204659", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "https://support.apple.com/HT204659" }, { "reference_url": "http://support.apple.com/kb/HT6443", "reference_id": "HT6443", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://support.apple.com/kb/HT6443" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html", "reference_id": "msg00046.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1013", "reference_id": "RHSA-2014:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html", "reference_id": "RHSA-2014-1765.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html", "reference_id": "RHSA-2014-1766.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2155", "reference_id": "RHSA-2015:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2155" }, { "reference_url": "https://usn.ubuntu.com/2276-1/", "reference_id": "USN-2276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2276-1/" }, { "reference_url": "https://usn.ubuntu.com/2278-1/", "reference_id": "USN-2278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2278-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0207" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdy-kvwk-3ubd" } ], "fixing_vulnerabilities": [], "risk_score": "0.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.4.16-23%3Farch=el7_0" }