Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/262635?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/262635?format=api", "purl": "pkg:rpm/redhat/open-vm-tools@9.2.3-5?arch=el6cf", "type": "rpm", "namespace": "redhat", "name": "open-vm-tools", "version": "9.2.3-5", "qualifiers": { "arch": "el6cf" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69993?format=api", "vulnerability_id": "VCID-1fjj-5577-g7b6", "summary": "postgresql: Improper user privilege check for on-line backups", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1901.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44009", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901" }, { "reference_url": "https://www.postgresql.org/support/security/CVE-2013-1901/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.postgresql.org/support/security/CVE-2013-1901/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929328", "reference_id": "929328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929328" }, { "reference_url": "https://security.gentoo.org/glsa/201408-15", "reference_id": "GLSA-201408-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-15" }, { "reference_url": "https://usn.ubuntu.com/1789-1/", "reference_id": "USN-1789-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1789-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1901" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fjj-5577-g7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27165?format=api", "vulnerability_id": "VCID-7fe5-pa3v-wfcq", "summary": "actionmailer email address processing causes Denial of service\nMultiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.80273", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/118", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/118" }, { "reference_url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionmailer", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionmailer" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389" }, { "reference_url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2887" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913", "reference_id": "1013913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4389", "GHSA-rg5m-3fqp-6px8", "OSV-98629" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fe5-pa3v-wfcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26951?format=api", "vulnerability_id": "VCID-8wpy-hzah-7bbx", "summary": "i18n gem Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2015:1100", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2015:1100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0320", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0380", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0380" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4492" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63682", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4492" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492" }, { "reference_url": "https://github.com/advisories/GHSA-r5hc-9xx5-97rw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5hc-9xx5-97rw" }, { "reference_url": "https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml" }, { "reference_url": "https://github.com/svenfuchs/i18n", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/i18n" }, { "reference_url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492" }, { "reference_url": "https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ" }, { "reference_url": "https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2830" }, { "reference_url": "http://www.securityfocus.com/bid/64076", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/64076" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4492", "GHSA-r5hc-9xx5-97rw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wpy-hzah-7bbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69306?format=api", "vulnerability_id": "VCID-evqu-59v5-eugz", "summary": "2: miq_policy/explorer SQL injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2050.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2050.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54161", "scoring_system": "epss", "scoring_elements": "0.98058", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=959062", "reference_id": "959062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959062" } ], "fixed_packages": [], "aliases": [ "CVE-2013-2050" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evqu-59v5-eugz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69303?format=api", "vulnerability_id": "VCID-fa3q-atht-yyby", "summary": "CloudForms: user password stored in recoverable format", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4423.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28086", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4423" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018345", "reference_id": "1018345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018345" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4423" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fa3q-atht-yyby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69304?format=api", "vulnerability_id": "VCID-mkzc-mzbs-j7a4", "summary": "EVM: CSRF", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27037", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895345", "reference_id": "895345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895345" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0185" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkzc-mzbs-j7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69989?format=api", "vulnerability_id": "VCID-pcwn-epdn-rycp", "summary": "postgresql: Insecure switch parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1899.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1899.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81124", "scoring_system": "epss", "scoring_elements": "0.99181", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901" }, { "reference_url": "https://www.postgresql.org/support/security/CVE-2013-1899/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.postgresql.org/support/security/CVE-2013-1899/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929223", "reference_id": "929223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929223" }, { "reference_url": "https://security.gentoo.org/glsa/201408-15", "reference_id": "GLSA-201408-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-15" }, { "reference_url": "https://usn.ubuntu.com/1789-1/", "reference_id": "USN-1789-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1789-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1899" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcwn-epdn-rycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26725?format=api", "vulnerability_id": "VCID-q5d6-ke65-hfhz", "summary": "sprockets vulnerable to Path Traversal\nMultiple directory traversal vulnerabilities in `server.rb` in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2015:1100", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2015:1100" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-7819" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73402", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7819" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819" }, { "reference_url": "https://github.com/advisories/GHSA-33pp-3763-mrfp", "reference_id": "GHSA-33pp-3763-mrfp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33pp-3763-mrfp" } ], "fixed_packages": [], "aliases": [ "CVE-2014-7819", "GHSA-33pp-3763-mrfp", "OSV-113965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5d6-ke65-hfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69305?format=api", "vulnerability_id": "VCID-qccg-84r5-3kfe", "summary": "2: static secret_token.rb value", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2049.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2049.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36597", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=959041", "reference_id": "959041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959041" } ], "fixed_packages": [], "aliases": [ "CVE-2013-2049" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qccg-84r5-3kfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68358?format=api", "vulnerability_id": "VCID-rnfp-d84q-wfec", "summary": "CFME: dangerous send method in performance.rb", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67674", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3642" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894", "reference_id": "1092894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1317", "reference_id": "RHSA-2014:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1317" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3642" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnfp-d84q-wfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68357?format=api", "vulnerability_id": "VCID-sj4p-amym-zqer", "summary": "CFME: default routes expose controllers and actions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47694", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077359", "reference_id": "1077359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1317", "reference_id": "RHSA-2014:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1317" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0140" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sj4p-amym-zqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69535?format=api", "vulnerability_id": "VCID-trh3-sdvx-4uga", "summary": "interface: Ruby code injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4172.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68509", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4172" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=988644", "reference_id": "988644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1157", "reference_id": "RHSA-2013:1157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1157" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4172" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trh3-sdvx-4uga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27173?format=api", "vulnerability_id": "VCID-u5nz-nn6j-8fhm", "summary": "rest-client allows local users to obtain sensitive information by reading the log\nREST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20495", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448" }, { "reference_url": "https://github.com/rest-client/rest-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client" }, { "reference_url": "https://github.com/rest-client/rest-client/issues/349", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client/issues/349" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448" }, { "reference_url": "https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415" }, { "reference_url": "http://www.osvdb.org/show/osvdb/117461", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/show/osvdb/117461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240982", "reference_id": "1240982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240982" }, { "reference_url": "https://github.com/advisories/GHSA-mx9f-w8qq-q5jf", "reference_id": "GHSA-mx9f-w8qq-q5jf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mx9f-w8qq-q5jf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [], "aliases": [ "CVE-2015-3448", "GHSA-mx9f-w8qq-q5jf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5nz-nn6j-8fhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69991?format=api", "vulnerability_id": "VCID-u831-s7tv-d7cf", "summary": "postgresql: Improper randomization of pgcrypto functions (requiring random seed)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1900.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.6876", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901" }, { "reference_url": "https://www.postgresql.org/support/security/CVE-2013-1900/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.postgresql.org/support/security/CVE-2013-1900/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929255", "reference_id": "929255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929255" }, { "reference_url": "https://security.gentoo.org/glsa/201408-15", "reference_id": "GLSA-201408-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1475", "reference_id": "RHSA-2013:1475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1475" }, { "reference_url": "https://usn.ubuntu.com/1789-1/", "reference_id": "USN-1789-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1789-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1900" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u831-s7tv-d7cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47259?format=api", "vulnerability_id": "VCID-w33m-yjha-ckap", "summary": "rest-client Gem Vulnerable to Session Fixation\nREST client for Ruby (aka rest-client) versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03723", "scoring_system": "epss", "scoring_elements": "0.8818", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820" }, { "reference_url": "https://github.com/rest-client/rest-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client" }, { "reference_url": "https://github.com/rest-client/rest-client/issues/369", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client/issues/369" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820" }, { "reference_url": "https://rubygems.org/gems/rest-client/versions/1.6.1.a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/rest-client/versions/1.6.1.a" }, { "reference_url": "https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/24/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/24/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238", "reference_id": "781238", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238" }, { "reference_url": "https://github.com/advisories/GHSA-3fhf-6939-qg8p", "reference_id": "GHSA-3fhf-6939-qg8p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3fhf-6939-qg8p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [], "aliases": [ "CVE-2015-1820", "GHSA-3fhf-6939-qg8p", "OSV-119878" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w33m-yjha-ckap" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/open-vm-tools@9.2.3-5%3Farch=el6cf" }