Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/189352?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "type": "ebuild", "namespace": "net-libs", "name": "serf", "version": "1.3.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.9.4", "latest_non_vulnerable_version": "1.9.4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100847?format=api", "vulnerability_id": "VCID-1edm-5vwv-jygt", "summary": "The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02097", "scoring_system": "epss", "scoring_elements": "0.84358", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02097", "scoring_system": "epss", "scoring_elements": "0.84382", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02097", "scoring_system": "epss", "scoring_elements": "0.84385", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757965", "reference_id": "757965", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757965" }, { "reference_url": 
"https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/2315-1/", "reference_id": "USN-2315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2014-3504" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1edm-5vwv-jygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101612?format=api", "vulnerability_id": "VCID-3jv4-38f5-nkf5", "summary": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87592", "published_at": "2026-06-04T12:55:00Z" }, { 
"value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87614", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125799", "reference_id": "1125799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125799" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0165", "reference_id": "RHSA-2015:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0166", "reference_id": "RHSA-2015:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0166" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2014-3528" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jv4-38f5-nkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101620?format=api", "vulnerability_id": "VCID-6h35-rv8q-nbcm", "summary": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76662", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76691", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76698", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1247252", "reference_id": "1247252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247252" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-3187" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6h35-rv8q-nbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101623?format=api", "vulnerability_id": "VCID-911j-4sf9-1ue5", "summary": "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows 
remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76969", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76979", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331686", "reference_id": "1331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331686" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": 
"GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/3388-1/", "reference_id": "USN-3388-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-1/" }, { "reference_url": "https://usn.ubuntu.com/3388-2/", "reference_id": "USN-3388-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2016-2167" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-911j-4sf9-1ue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101609?format=api", "vulnerability_id": "VCID-9hdz-4dqf-37bw", "summary": "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-0032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27105", "scoring_system": "epss", "scoring_elements": "0.96476", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.27105", "scoring_system": "epss", "scoring_elements": "0.96479", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.27105", "scoring_system": "epss", "scoring_elements": "0.96484", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062042", "reference_id": "1062042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062042" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815", "reference_id": "737815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0255", "reference_id": "RHSA-2014:0255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0255" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2014-0032" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdz-4dqf-37bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101621?format=api", "vulnerability_id": "VCID-byfb-b8p8-6kaz", "summary": "Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34284", "scoring_system": "epss", "scoring_elements": "0.97076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.34284", "scoring_system": "epss", "scoring_elements": "0.97079", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.34284", "scoring_system": "epss", "scoring_elements": "0.97081", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289958", "reference_id": "1289958", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289958" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-5259" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-byfb-b8p8-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101617?format=api", "vulnerability_id": "VCID-cpt9-yf1w-rqep", "summary": "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json", "reference_id": 
"", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15803", "scoring_system": "epss", "scoring_elements": "0.94859", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15803", "scoring_system": "epss", "scoring_elements": "0.94868", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205138", "reference_id": "1205138", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205138" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": 
"RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-0248" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpt9-yf1w-rqep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101616?format=api", "vulnerability_id": "VCID-k4r3-qnjx-93fu", "summary": "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02082", "scoring_system": "epss", "scoring_elements": "0.84307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02082", "scoring_system": "epss", "scoring_elements": "0.8433", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.02082", "scoring_system": "epss", "scoring_elements": "0.84333", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205134", "reference_id": "1205134", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205134" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-0202" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4r3-qnjx-93fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101618?format=api", "vulnerability_id": "VCID-qdbd-71zg-2bdy", "summary": "The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to 
spoof the svn:author property via a crafted v1 HTTP protocol request sequences.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78027", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78055", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78062", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205140", "reference_id": "1205140", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205140" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": 
"RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-0251" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdbd-71zg-2bdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101611?format=api", "vulnerability_id": "VCID-qsfe-f1es-1bef", "summary": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02619", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02619", 
"scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02619", "scoring_system": "epss", "scoring_elements": "0.85968", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063", "reference_id": "1127063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2014-3522" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsfe-f1es-1bef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101619?format=api", "vulnerability_id": "VCID-utyp-k276-abhz", "summary": "mod_authz_svn in Apache Subversion 1.7.x before 
1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17005", "scoring_system": "epss", "scoring_elements": "0.95103", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17005", "scoring_system": "epss", "scoring_elements": "0.95112", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247249", "reference_id": "1247249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247249" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ "CVE-2015-3184" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utyp-k276-abhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101624?format=api", "vulnerability_id": "VCID-x6q8-pssz-ekcw", "summary": "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07364", "scoring_system": "epss", "scoring_elements": "0.91851", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07364", "scoring_system": "epss", "scoring_elements": "0.91864", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07364", "scoring_system": "epss", "scoring_elements": "0.91865", 
"published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331683", "reference_id": "1331683", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331683" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/3388-2/", "reference_id": "USN-3388-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189352?format=api", "purl": "pkg:ebuild/net-libs/serf@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/189353?format=api", "purl": "pkg:ebuild/net-libs/serf@1.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.9.4" } ], "aliases": [ 
"CVE-2016-2168" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6q8-pssz-ekcw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/serf@1.3.7" }