Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/363363?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "type": "apk", "namespace": "alpine", "name": "elfutils", "version": "0.176-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.22", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66525?format=api", "vulnerability_id": "VCID-2sga-pmv8-3uak", "summary": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28182", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28141", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28161", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28232", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538", "reference_id": "1677538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880", "reference_id": "921880", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7665" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sga-pmv8-3uak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66521?format=api", "vulnerability_id": "VCID-9d69-d773-fqeu", "summary": "An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73587", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73623", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73628", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73614", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671439", "reference_id": "1671439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671439" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7148" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d69-d773-fqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66520?format=api", "vulnerability_id": "VCID-9nvr-hhnf-u7ex", "summary": "In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41917", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41927", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41898", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671432", "reference_id": "1671432", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671432" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911", "reference_id": "920911", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7146" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nvr-hhnf-u7ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66523?format=api", "vulnerability_id": "VCID-c3rt-jxyg-m3eu", "summary": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32506", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32467", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32466", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32538", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446", "reference_id": "1671446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909", "reference_id": "920909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7150" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3rt-jxyg-m3eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66522?format=api", "vulnerability_id": "VCID-gv76-sbbx-ukd8", "summary": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56378", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56434", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56428", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443", "reference_id": "1671443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910", "reference_id": "920910", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7149" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv76-sbbx-ukd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66524?format=api", "vulnerability_id": "VCID-p4ma-d1c5-4bg1", "summary": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38129", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38101", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38036", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536", "reference_id": "1677536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881", "reference_id": "921881", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363363?format=api", "purl": "pkg:apk/alpine/elfutils@0.176-r0?arch=armhf&distroversion=v3.22&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" } ], "aliases": [ "CVE-2019-7664" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4ma-d1c5-4bg1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/elfutils@0.176-r0%3Farch=armhf&distroversion=v3.22&reponame=main" }