Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4566?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4566?format=api", "purl": "pkg:deb/debian/rsync@2.3.2-1.2", "type": "deb", "namespace": "debian", "name": "rsync", "version": "2.3.2-1.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.7-1+deb12u5", "latest_non_vulnerable_version": "3.4.1+ds1-5+deb13u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4347?format=api", "vulnerability_id": "VCID-29gg-j4vp-7bef", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01555", "scoring_system": "epss", "scoring_elements": "0.81802", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01555", "scoring_system": "epss", "scoring_elements": "0.81767", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01555", "scoring_system": "epss", "scoring_elements": "0.81796", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522874", "reference_id": "1522874", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522874" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883667", "reference_id": "883667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883667" }, { "reference_url": "https://security.archlinux.org/ASA-201801-21", "reference_id": "ASA-201801-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-21" }, { "reference_url": "https://security.archlinux.org/AVG-542", "reference_id": "AVG-542", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-542" }, { "reference_url": "https://security.gentoo.org/glsa/201801-16", "reference_id": "GLSA-201801-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-16" }, { "reference_url": "https://usn.ubuntu.com/3506-1/", "reference_id": "USN-3506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3506-1/" }, { "reference_url": "https://usn.ubuntu.com/3506-2/", "reference_id": "USN-3506-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3506-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4575?format=api", "purl": "pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4855?format=api", "purl": "pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2017-17433" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29gg-j4vp-7bef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59966?format=api", "vulnerability_id": "VCID-2c6b-ufgq-fbcw", "summary": "rsync: rsync: Hostname-based ACL bypass in daemon chroot configuration", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02441", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02512", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02514", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02456", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469060", "reference_id": "2469060", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469060" }, { "reference_url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f", "reference_id": "GHSA-rjfm-3w2m-jf4f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/" } ], "url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f" }, { "reference_url": "https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution", "reference_id": "rsync-authorization-bypass-via-hostname-resolution", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/" } ], "url": "https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution" }, { "reference_url": "https://usn.ubuntu.com/8283-1/", "reference_id": "USN-8283-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8283-1/" }, { "reference_url": "https://usn.ubuntu.com/8349-1/", "reference_id": "USN-8349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8349-1/" }, { "reference_url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "reference_id": "v3.4.3", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/" } ], "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-43617" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c6b-ufgq-fbcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100295?format=api", "vulnerability_id": "VCID-3nrj-48zt-8yf7", "summary": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9512.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08882", "scoring_system": "epss", "scoring_elements": "0.92706", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08882", "scoring_system": "epss", "scoring_elements": "0.92718", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08882", "scoring_system": "epss", "scoring_elements": "0.92713", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08882", "scoring_system": "epss", "scoring_elements": "0.92709", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:C/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293854", "reference_id": "1293854", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293854" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778333", "reference_id": "778333", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778333" }, { "reference_url": "https://security.gentoo.org/glsa/201605-04", "reference_id": "GLSA-201605-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-04" }, { "reference_url": "https://usn.ubuntu.com/2879-1/", "reference_id": "USN-2879-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2879-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4574?format=api", "purl": "pkg:deb/debian/rsync@3.1.1-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3" } ], "aliases": [ "CVE-2014-9512" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nrj-48zt-8yf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100285?format=api", "vulnerability_id": "VCID-3tny-puu3-7fgp", "summary": "rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0426.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0426.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87713", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87734", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87735", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87736", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617206", "reference_id": "1617206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:192", "reference_id": "RHSA-2004:192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4568?format=api", "purl": "pkg:deb/debian/rsync@2.6.4-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-556m-a6vw-3bfj" }, { "vulnerability": "VCID-56vk-3vsy-nkef" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6neq-h9yq-8fep" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-twpz-szrq-4ug3" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-w5qp-r7dz-h7fk" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6" } ], "aliases": [ "CVE-2004-0426" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tny-puu3-7fgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100289?format=api", "vulnerability_id": "VCID-556m-a6vw-3bfj", "summary": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4091.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10363", "scoring_system": "epss", "scoring_elements": "0.93335", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10363", "scoring_system": "epss", "scoring_elements": "0.93346", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10363", "scoring_system": "epss", "scoring_elements": "0.93347", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10363", "scoring_system": "epss", "scoring_elements": "0.93344", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.10363", "scoring_system": "epss", "scoring_elements": "0.93343", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=252394", "reference_id": "252394", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=252394" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438125", "reference_id": "438125", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438125" }, { "reference_url": "https://security.gentoo.org/glsa/200709-13", "reference_id": "GLSA-200709-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-13" }, { "reference_url": "https://usn.ubuntu.com/500-1/", "reference_id": "USN-500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/500-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4571?format=api", "purl": "pkg:deb/debian/rsync@3.0.3-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2" } ], "aliases": [ "CVE-2007-4091" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-556m-a6vw-3bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100290?format=api", "vulnerability_id": "VCID-56vk-3vsy-nkef", "summary": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6199.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06572", "scoring_system": "epss", "scoring_elements": "0.91315", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06572", "scoring_system": "epss", "scoring_elements": "0.91329", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06572", "scoring_system": "epss", "scoring_elements": "0.9133", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06572", "scoring_system": "epss", "scoring_elements": "0.91326", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06572", "scoring_system": "epss", "scoring_elements": "0.91321", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=407161", "reference_id": "407161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407161" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652", "reference_id": "453652", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4571?format=api", "purl": "pkg:deb/debian/rsync@3.0.3-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2" } ], "aliases": [ "CVE-2007-6199" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56vk-3vsy-nkef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4346?format=api", "vulnerability_id": "VCID-6j5d-25zc-r7es", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17434.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17434.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78919", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.7891", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78899", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78912", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17434" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522875", "reference_id": "1522875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522875" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883665", "reference_id": "883665", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883665" }, { "reference_url": "https://security.archlinux.org/ASA-201801-21", "reference_id": "ASA-201801-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-21" }, { "reference_url": "https://security.archlinux.org/AVG-542", "reference_id": "AVG-542", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-542" }, { "reference_url": "https://security.gentoo.org/glsa/201801-16", "reference_id": "GLSA-201801-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-16" }, { "reference_url": "https://usn.ubuntu.com/3506-1/", "reference_id": "USN-3506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3506-1/" }, { "reference_url": "https://usn.ubuntu.com/3506-2/", "reference_id": "USN-3506-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3506-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4575?format=api", "purl": "pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4855?format=api", "purl": "pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2017-17434" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j5d-25zc-r7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100288?format=api", "vulnerability_id": "VCID-6neq-h9yq-8fep", "summary": "Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2083.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81497", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81525", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81527", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.8152", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=190207", "reference_id": "190207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=190207" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365614", "reference_id": "365614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365614" }, { "reference_url": "https://security.gentoo.org/glsa/200605-05", "reference_id": "GLSA-200605-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200605-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4569?format=api", "purl": "pkg:deb/debian/rsync@2.6.9-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-556m-a6vw-3bfj" }, { "vulnerability": "VCID-56vk-3vsy-nkef" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-twpz-szrq-4ug3" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-w5qp-r7dz-h7fk" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.9-2" } ], "aliases": [ "CVE-2006-2083" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6neq-h9yq-8fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5774?format=api", "vulnerability_id": "VCID-6zwq-zvsq-rfda", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34016", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34117", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34065", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34132", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34099", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14387" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875549", "reference_id": "1875549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875549" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969530", "reference_id": "969530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969530" }, { "reference_url": "https://security.archlinux.org/ASA-202101-1", "reference_id": "ASA-202101-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-1" }, { "reference_url": "https://security.archlinux.org/AVG-1374", "reference_id": "AVG-1374", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1374" }, { "reference_url": "https://security.gentoo.org/glsa/202405-22", "reference_id": "GLSA-202405-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6313?format=api", "purl": "pkg:deb/debian/rsync@3.2.3-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-87kn-sjx9-z3ea" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-y59h-bzyk-dbhf" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.3-4%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14387" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6zwq-zvsq-rfda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4345?format=api", "vulnerability_id": "VCID-ay5s-4hr1-8qe5", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13133", "scoring_system": "epss", "scoring_elements": "0.94261", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.13133", "scoring_system": "epss", "scoring_elements": "0.9425", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13133", "scoring_system": "epss", "scoring_elements": "0.94262", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.13133", "scoring_system": "epss", "scoring_elements": "0.94259", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536661", "reference_id": "1536661", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536661" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887588", "reference_id": "887588", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887588" }, { "reference_url": "https://security.archlinux.org/ASA-201801-21", "reference_id": "ASA-201801-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-21" }, { "reference_url": "https://security.archlinux.org/AVG-542", "reference_id": "AVG-542", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-542" }, { "reference_url": "https://security.gentoo.org/glsa/201805-04", "reference_id": "GLSA-201805-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201805-04" }, { "reference_url": "https://usn.ubuntu.com/3543-1/", "reference_id": "USN-3543-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3543-1/" }, { "reference_url": "https://usn.ubuntu.com/3543-2/", "reference_id": "USN-3543-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3543-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2018-5764" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5s-4hr1-8qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59963?format=api", "vulnerability_id": "VCID-be1r-cmk6-dyb9", "summary": "rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29518", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00908", "published_at": "2026-06-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00912", "published_at": "2026-06-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00911", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/", "reference_id": "2026-05-24-minimal-memory-safe-go-rsync-vulns", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/" } ], "url": "https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055", "reference_id": "2469055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055" }, { "reference_url": "https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d", "reference_id": "8471fdd1561049ef5f58df44a1811a50bd9a531d", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/" } ], "url": "https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d" }, { "reference_url": "https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write", "reference_id": "rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/" } ], "url": "https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write" }, { "reference_url": "https://usn.ubuntu.com/8283-1/", "reference_id": "USN-8283-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8283-1/" }, { "reference_url": "https://usn.ubuntu.com/8349-1/", "reference_id": "USN-8349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8349-1/" }, { "reference_url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "reference_id": "v3.4.3", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/" } ], "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-29518" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-be1r-cmk6-dyb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100298?format=api", "vulnerability_id": "VCID-bvzk-j9h5-zkem", "summary": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9842.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12602", "scoring_system": "epss", "scoring_elements": "0.94092", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.12602", "scoring_system": "epss", "scoring_elements": "0.94095", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.12602", "scoring_system": "epss", "scoring_elements": "0.94094", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.13024", "scoring_system": "epss", "scoring_elements": "0.94218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14635", "scoring_system": "epss", "scoring_elements": "0.94609", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1039427", "reference_id": "1039427", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://www.securitytracker.com/id/1039427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348", "reference_id": "1402348", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/12/05/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/12/05/21" }, { "reference_url": "https://usn.ubuntu.com/4246-1/", "reference_id": "4246-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://usn.ubuntu.com/4246-1/" }, { "reference_url": "https://usn.ubuntu.com/4292-1/", "reference_id": "4292-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://usn.ubuntu.com/4292-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274", "reference_id": "847274", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509", "reference_id": "924509", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509" }, { "reference_url": "http://www.securityfocus.com/bid/95131", "reference_id": "95131", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://www.securityfocus.com/bid/95131" }, { "reference_url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", "reference_id": "Completed#zlib", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib" }, { "reference_url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958", "reference_id": "e54e1299404101a5a9d0cf5e45512b543967f958", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958" }, { "reference_url": "https://security.gentoo.org/glsa/201701-56", "reference_id": "GLSA-201701-56", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://security.gentoo.org/glsa/201701-56" }, { "reference_url": "https://security.gentoo.org/glsa/202007-54", "reference_id": "GLSA-202007-54", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://security.gentoo.org/glsa/202007-54" }, { "reference_url": "https://support.apple.com/HT208112", "reference_id": "HT208112", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://support.apple.com/HT208112" }, { "reference_url": "https://support.apple.com/HT208113", "reference_id": "HT208113", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://support.apple.com/HT208113" }, { "reference_url": "https://support.apple.com/HT208115", "reference_id": "HT208115", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://support.apple.com/HT208115" }, { "reference_url": "https://support.apple.com/HT208144", "reference_id": "HT208144", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://support.apple.com/HT208144" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", "reference_id": "msg00027.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", "reference_id": "msg00050.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", "reference_id": "msg00053.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", "reference_id": "msg00127.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1220", "reference_id": "RHSA-2017:1220", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1221", "reference_id": "RHSA-2017:1221", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1222", "reference_id": "RHSA-2017:1222", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2999", "reference_id": "RHSA-2017:2999", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3046", "reference_id": "RHSA-2017:3046", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3047", "reference_id": "RHSA-2017:3047", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3453", "reference_id": "RHSA-2017:3453", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "reference_url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "reference_id": "Zlib-report.pdf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/" } ], "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2016-9842" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvzk-j9h5-zkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3590?format=api", "vulnerability_id": "VCID-c97r-cqv2-r3h4", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12085.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1902", "scoring_system": "epss", "scoring_elements": "0.95458", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.1902", "scoring_system": "epss", "scoring_elements": "0.95459", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.1902", "scoring_system": "epss", "scoring_elements": "0.95453", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.1902", "scoring_system": "epss", "scoring_elements": "0.95456", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "reference_id": "2330539", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539" }, { "reference_url": "https://kb.cert.org/vuls/id/952657", "reference_id": "952657", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://kb.cert.org/vuls/id/952657" }, { "reference_url": "https://security.archlinux.org/ASA-202501-1", "reference_id": "ASA-202501-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202501-1" }, { "reference_url": "https://security.archlinux.org/AVG-2858", "reference_id": "AVG-2858", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.8::el9", "reference_id": "cpe:/a:redhat:logging:5.8::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.8::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.9::el9", "reference_id": "cpe:/a:redhat:logging:5.9::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.9::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8", "reference_id": "cpe:/a:redhat:openshift:4.13::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8", "reference_id": "cpe:/a:redhat:openshift:4.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6", "reference_id": "cpe:/o:redhat:rhel_els:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-12085", "reference_id": "CVE-2024-12085", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-12085" }, { "reference_url": "https://security.gentoo.org/glsa/202501-01", "reference_id": "GLSA-202501-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-01" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:6470", "reference_id": "RHBA-2025:6470", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:6470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0324", "reference_id": "RHSA-2025:0324", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0325", "reference_id": "RHSA-2025:0325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0637", "reference_id": "RHSA-2025:0637", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0688", "reference_id": "RHSA-2025:0688", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0714", "reference_id": "RHSA-2025:0714", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0774", "reference_id": "RHSA-2025:0774", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0787", "reference_id": "RHSA-2025:0787", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0790", "reference_id": "RHSA-2025:0790", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0849", "reference_id": "RHSA-2025:0849", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0884", "reference_id": "RHSA-2025:0884", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0885", "reference_id": "RHSA-2025:0885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1120", "reference_id": "RHSA-2025:1120", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1123", "reference_id": "RHSA-2025:1123", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1128", "reference_id": "RHSA-2025:1128", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1225", "reference_id": "RHSA-2025:1225", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1227", "reference_id": "RHSA-2025:1227", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1242", "reference_id": "RHSA-2025:1242", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1451", "reference_id": "RHSA-2025:1451", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21885", "reference_id": "RHSA-2025:21885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21885" }, { "reference_url": "https://usn.ubuntu.com/7206-1/", "reference_id": "USN-7206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-1/" }, { "reference_url": "https://usn.ubuntu.com/7206-3/", "reference_id": "USN-7206-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-12085" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c97r-cqv2-r3h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100286?format=api", "vulnerability_id": "VCID-e8g3-c9dj-a3am", "summary": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0792.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74001", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74034", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74038", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74007", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617292", "reference_id": "1617292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617292" }, { "reference_url": "https://security.gentoo.org/glsa/200408-17", "reference_id": "GLSA-200408-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200408-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:436", "reference_id": "RHSA-2004:436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:436" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4568?format=api", "purl": "pkg:deb/debian/rsync@2.6.4-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-556m-a6vw-3bfj" }, { "vulnerability": "VCID-56vk-3vsy-nkef" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6neq-h9yq-8fep" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-twpz-szrq-4ug3" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-w5qp-r7dz-h7fk" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6" } ], "aliases": [ "CVE-2004-0792" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8g3-c9dj-a3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59965?format=api", "vulnerability_id": "VCID-f9zn-2jhn-jqg4", "summary": "rsync: rsync: Symlink race vulnerability allows unauthorized file operations", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43619", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00528", "published_at": "2026-06-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00534", "published_at": "2026-06-06T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00532", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469058", "reference_id": "2469058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469058" }, { "reference_url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735", "reference_id": "GHSA-4h9m-w5ff-j735", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/" } ], "url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735" }, { "reference_url": "https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls", "reference_id": "rsync-symlink-race-condition-via-path-based-syscalls", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/" } ], "url": "https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls" }, { "reference_url": "https://usn.ubuntu.com/8283-1/", "reference_id": "USN-8283-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8283-1/" }, { "reference_url": "https://usn.ubuntu.com/8349-1/", "reference_id": "USN-8349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8349-1/" }, { "reference_url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "reference_id": "v3.4.3", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/" } ], "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-43619" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9zn-2jhn-jqg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100297?format=api", "vulnerability_id": "VCID-jrfy-z2we-n7cz", "summary": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9841.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13495", "scoring_system": "epss", "scoring_elements": "0.94345", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.19177", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.19177", "scoring_system": "epss", "scoring_elements": "0.95485", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.19177", "scoring_system": "epss", "scoring_elements": "0.95487", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.23605", "scoring_system": "epss", "scoring_elements": "0.96092", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346", "reference_id": "1402346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270", "reference_id": "847270", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509", "reference_id": "924509", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509" }, { "reference_url": "https://security.gentoo.org/glsa/201701-56", "reference_id": "GLSA-201701-56", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-56" }, { "reference_url": "https://security.gentoo.org/glsa/202007-54", "reference_id": "GLSA-202007-54", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1220", "reference_id": "RHSA-2017:1220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1221", "reference_id": "RHSA-2017:1221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1222", "reference_id": "RHSA-2017:1222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2999", "reference_id": "RHSA-2017:2999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3046", "reference_id": "RHSA-2017:3046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3047", "reference_id": "RHSA-2017:3047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3453", "reference_id": "RHSA-2017:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "reference_url": "https://usn.ubuntu.com/6736-1/", "reference_id": "USN-6736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6736-1/" }, { "reference_url": "https://usn.ubuntu.com/6736-2/", "reference_id": "USN-6736-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6736-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2016-9841" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrfy-z2we-n7cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4348?format=api", "vulnerability_id": "VCID-kxm2-1khw-suaq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03341", "scoring_system": "epss", "scoring_elements": "0.87526", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03341", "scoring_system": "epss", "scoring_elements": "0.87543", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03341", "scoring_system": "epss", "scoring_elements": "0.87545", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03341", "scoring_system": "epss", "scoring_elements": "0.87544", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03341", "scoring_system": "epss", "scoring_elements": "0.87547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511411", "reference_id": "1511411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511411" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880954", "reference_id": "880954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880954" }, { "reference_url": "https://security.archlinux.org/ASA-201801-21", "reference_id": "ASA-201801-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-21" }, { "reference_url": "https://security.archlinux.org/AVG-542", "reference_id": "AVG-542", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-542" }, { "reference_url": "https://security.gentoo.org/glsa/201801-16", "reference_id": "GLSA-201801-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-16" }, { "reference_url": "https://usn.ubuntu.com/3543-1/", "reference_id": "USN-3543-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3543-1/" }, { "reference_url": "https://usn.ubuntu.com/3543-2/", "reference_id": "USN-3543-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3543-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4575?format=api", "purl": "pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4855?format=api", "purl": "pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2017-16548" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxm2-1khw-suaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100294?format=api", "vulnerability_id": "VCID-mwde-7pds-33c5", "summary": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17189", "scoring_system": "epss", "scoring_elements": "0.95143", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17189", "scoring_system": "epss", "scoring_elements": "0.95151", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.17189", "scoring_system": "epss", "scoring_elements": "0.95152", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.17189", "scoring_system": "epss", "scoring_elements": "0.95154", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.17189", "scoring_system": "epss", "scoring_elements": "0.95153", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087841", "reference_id": "1087841", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087841" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744791", "reference_id": "744791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744791" }, { "reference_url": "https://usn.ubuntu.com/2171-1/", "reference_id": "USN-2171-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2171-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4574?format=api", "purl": "pkg:deb/debian/rsync@3.1.1-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3" } ], "aliases": [ "CVE-2014-2855" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwde-7pds-33c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3586?format=api", "vulnerability_id": "VCID-nh72-az7j-wqde", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01457", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01455", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01465", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "reference_id": "2332968", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968" }, { "reference_url": "https://kb.cert.org/vuls/id/952657", "reference_id": "952657", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://kb.cert.org/vuls/id/952657" }, { "reference_url": "https://security.archlinux.org/ASA-202501-1", "reference_id": "ASA-202501-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202501-1" }, { "reference_url": "https://security.archlinux.org/AVG-2858", "reference_id": "AVG-2858", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-12747", "reference_id": "CVE-2024-12747", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-12747" }, { "reference_url": "https://security.gentoo.org/glsa/202501-01", "reference_id": "GLSA-202501-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-01" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:6470", "reference_id": "RHBA-2025:6470", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:6470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2600", "reference_id": "RHSA-2025:2600", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7050", "reference_id": "RHSA-2025:7050", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7206-1/", "reference_id": "USN-7206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-1/" }, { "reference_url": "https://usn.ubuntu.com/7206-3/", "reference_id": "USN-7206-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-12747" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nh72-az7j-wqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3587?format=api", "vulnerability_id": "VCID-rt4a-vn86-vfd1", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0247", "scoring_system": "epss", "scoring_elements": "0.85555", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0247", "scoring_system": "epss", "scoring_elements": "0.85568", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0247", "scoring_system": "epss", "scoring_elements": "0.85573", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0247", "scoring_system": "epss", "scoring_elements": "0.8557", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "reference_id": "2330676", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676" }, { "reference_url": "https://kb.cert.org/vuls/id/952657", "reference_id": "952657", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://kb.cert.org/vuls/id/952657" }, { "reference_url": "https://security.archlinux.org/ASA-202501-1", "reference_id": "ASA-202501-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202501-1" }, { "reference_url": "https://security.archlinux.org/AVG-2858", "reference_id": "AVG-2858", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-12088", "reference_id": "CVE-2024-12088", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-12088" }, { "reference_url": "https://security.gentoo.org/glsa/202501-01", "reference_id": "GLSA-202501-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-01" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:6470", "reference_id": "RHBA-2025:6470", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:6470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2600", "reference_id": "RHSA-2025:2600", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7050", "reference_id": "RHSA-2025:7050", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7206-1/", "reference_id": "USN-7206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-1/" }, { "reference_url": "https://usn.ubuntu.com/7206-3/", "reference_id": "USN-7206-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-12088" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt4a-vn86-vfd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3589?format=api", "vulnerability_id": "VCID-rub5-mpqy-qke8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12086.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12086.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.8365", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.8366", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83661", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83657", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", "reference_id": "2330577", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577" }, { "reference_url": "https://kb.cert.org/vuls/id/952657", "reference_id": "952657", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://kb.cert.org/vuls/id/952657" }, { "reference_url": "https://security.archlinux.org/ASA-202501-1", "reference_id": "ASA-202501-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202501-1" }, { "reference_url": "https://security.archlinux.org/AVG-2858", "reference_id": "AVG-2858", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-12086", "reference_id": "CVE-2024-12086", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-12086" }, { "reference_url": "https://security.gentoo.org/glsa/202501-01", "reference_id": "GLSA-202501-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-01" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:6470", "reference_id": "RHBA-2025:6470", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:6470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19368", "reference_id": "RHSA-2026:19368", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:19368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20603", "reference_id": "RHSA-2026:20603", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:20603" }, { "reference_url": "https://usn.ubuntu.com/7206-1/", "reference_id": "USN-7206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-1/" }, { "reference_url": "https://usn.ubuntu.com/7206-3/", "reference_id": "USN-7206-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-12086" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rub5-mpqy-qke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100287?format=api", "vulnerability_id": "VCID-shem-sbrm-mba8", "summary": "Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.73002", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.7304", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.73046", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.7303", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.73017", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2093" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/152.c", "reference_id": "OSVDB-45182;CVE-2004-2093", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/152.c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4568?format=api", "purl": "pkg:deb/debian/rsync@2.6.4-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-556m-a6vw-3bfj" }, { "vulnerability": "VCID-56vk-3vsy-nkef" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6neq-h9yq-8fep" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-twpz-szrq-4ug3" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-w5qp-r7dz-h7fk" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6" } ], "aliases": [ "CVE-2004-2093" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shem-sbrm-mba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100284?format=api", "vulnerability_id": "VCID-syr4-38sr-5ye2", "summary": "Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44259", "scoring_system": "epss", "scoring_elements": "0.97621", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.44259", "scoring_system": "epss", "scoring_elements": "0.97624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.44259", "scoring_system": "epss", "scoring_elements": "0.97626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.44259", "scoring_system": "epss", "scoring_elements": "0.97627", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617105", "reference_id": "1617105", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:398", "reference_id": "RHSA-2003:398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:399", "reference_id": "RHSA-2003:399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:399" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4568?format=api", "purl": "pkg:deb/debian/rsync@2.6.4-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-556m-a6vw-3bfj" }, { "vulnerability": "VCID-56vk-3vsy-nkef" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6neq-h9yq-8fep" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-twpz-szrq-4ug3" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-w5qp-r7dz-h7fk" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6" } ], "aliases": [ "CVE-2003-0962" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syr4-38sr-5ye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100296?format=api", "vulnerability_id": "VCID-tm8c-43cn-3fa4", "summary": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09831", "scoring_system": "epss", "scoring_elements": "0.93124", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.09831", "scoring_system": "epss", "scoring_elements": "0.93129", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09831", "scoring_system": "epss", "scoring_elements": "0.93126", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.12517", "scoring_system": "epss", "scoring_elements": "0.9407", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12517", "scoring_system": "epss", "scoring_elements": "0.94062", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345", "reference_id": "1402345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270", "reference_id": "847270", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509", "reference_id": "924509", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509" }, { "reference_url": "https://security.gentoo.org/glsa/201701-56", "reference_id": "GLSA-201701-56", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-56" }, { "reference_url": "https://security.gentoo.org/glsa/202007-54", "reference_id": "GLSA-202007-54", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1220", "reference_id": "RHSA-2017:1220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1221", "reference_id": "RHSA-2017:1221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1222", "reference_id": "RHSA-2017:1222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2999", "reference_id": "RHSA-2017:2999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3046", "reference_id": "RHSA-2017:3046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3047", "reference_id": "RHSA-2017:3047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3453", "reference_id": "RHSA-2017:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10541", "reference_id": "RHSA-2025:10541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11048", "reference_id": "RHSA-2025:11048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12013", "reference_id": "RHSA-2025:12013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13947", "reference_id": "RHSA-2025:13947", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8280", "reference_id": "RHSA-2025:8280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8284", "reference_id": "RHSA-2025:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8314", "reference_id": "RHSA-2025:8314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8395", "reference_id": "RHSA-2025:8395", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8395" }, { "reference_url": "https://usn.ubuntu.com/6736-1/", "reference_id": "USN-6736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6736-1/" }, { "reference_url": "https://usn.ubuntu.com/6736-2/", "reference_id": "USN-6736-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6736-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2016-9840" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tm8c-43cn-3fa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100292?format=api", "vulnerability_id": "VCID-twpz-szrq-4ug3", "summary": "Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1720.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08442", "scoring_system": "epss", "scoring_elements": "0.92489", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08442", "scoring_system": "epss", "scoring_elements": "0.92502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08442", "scoring_system": "epss", "scoring_elements": "0.92497", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08442", "scoring_system": "epss", "scoring_elements": "0.92492", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.08442", "scoring_system": "epss", "scoring_elements": "0.92491", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=441683", "reference_id": "441683", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=441683" }, { "reference_url": "https://security.gentoo.org/glsa/200804-16", "reference_id": "GLSA-200804-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200804-16" }, { "reference_url": "https://usn.ubuntu.com/600-1/", "reference_id": "USN-600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/600-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4571?format=api", "purl": "pkg:deb/debian/rsync@3.0.3-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2" } ], "aliases": [ "CVE-2008-1720" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twpz-szrq-4ug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100299?format=api", "vulnerability_id": "VCID-uaqx-g92v-sbdh", "summary": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13502", "scoring_system": "epss", "scoring_elements": "0.94357", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.13502", "scoring_system": "epss", "scoring_elements": "0.94358", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.15071", "scoring_system": "epss", "scoring_elements": "0.94704", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16958", "scoring_system": "epss", "scoring_elements": "0.95102", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351", "reference_id": "1402351", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847275", "reference_id": "847275", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847275" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509", "reference_id": "924509", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509" }, { "reference_url": "https://security.gentoo.org/glsa/201701-56", "reference_id": "GLSA-201701-56", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-56" }, { "reference_url": "https://security.gentoo.org/glsa/202007-54", "reference_id": "GLSA-202007-54", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1220", "reference_id": "RHSA-2017:1220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1221", "reference_id": "RHSA-2017:1221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1222", "reference_id": "RHSA-2017:1222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2999", "reference_id": "RHSA-2017:2999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3046", "reference_id": "RHSA-2017:3046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3047", "reference_id": "RHSA-2017:3047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3453", "reference_id": "RHSA-2017:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "reference_url": "https://usn.ubuntu.com/7959-1/", "reference_id": "USN-7959-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7959-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5941?format=api", "purl": "pkg:deb/debian/rsync@3.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6" } ], "aliases": [ "CVE-2016-9843" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uaqx-g92v-sbdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59964?format=api", "vulnerability_id": "VCID-vfqu-z1s4-mfa2", "summary": "rsync: rsync: Remote Denial of Service via Out-of-bounds Read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04182", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0422", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04219", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04208", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469057", "reference_id": "2469057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469057" }, { "reference_url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm", "reference_id": "GHSA-28pw-r563-rxvm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/" } ], "url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm" }, { "reference_url": "https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files", "reference_id": "rsync-out-of-bounds-array-read-via-recv-files", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/" } ], "url": "https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files" }, { "reference_url": "https://usn.ubuntu.com/8283-1/", "reference_id": "USN-8283-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8283-1/" }, { "reference_url": "https://usn.ubuntu.com/8349-1/", "reference_id": "USN-8349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8349-1/" }, { "reference_url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "reference_id": "v3.4.3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/" } ], "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-43620" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfqu-z1s4-mfa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100291?format=api", "vulnerability_id": "VCID-w5qp-r7dz-h7fk", "summary": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6200.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85074", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85098", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85102", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85096", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85086", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171", "reference_id": "407171", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652", "reference_id": "453652", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0999", "reference_id": "RHSA-2011:0999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0999" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4571?format=api", "purl": "pkg:deb/debian/rsync@3.0.3-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-x81r-ud9r-8ybd" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2" } ], "aliases": [ "CVE-2007-6200" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5qp-r7dz-h7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59961?format=api", "vulnerability_id": "VCID-wc4u-jz1n-eff9", "summary": "rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17846", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17961", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17958", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17921", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054", "reference_id": "2469054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054" }, { "reference_url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq", "reference_id": "GHSA-g37v-g3gj-pmwq", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/" } ], "url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq" }, { "reference_url": "https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure", "reference_id": "rsync-integer-overflow-information-disclosure", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/" } ], "url": "https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure" }, { "reference_url": "https://usn.ubuntu.com/8283-1/", "reference_id": "USN-8283-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8283-1/" }, { "reference_url": "https://usn.ubuntu.com/8349-1/", "reference_id": "USN-8349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8349-1/" }, { "reference_url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "reference_id": "v3.4.3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/" } ], "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-43618" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4u-jz1n-eff9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100293?format=api", "vulnerability_id": "VCID-x81r-ud9r-8ybd", "summary": "rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01623", "scoring_system": "epss", "scoring_elements": "0.8218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01623", "scoring_system": "epss", "scoring_elements": "0.82209", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01623", "scoring_system": "epss", "scoring_elements": "0.8221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01623", "scoring_system": "epss", "scoring_elements": "0.82212", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02186", "scoring_system": "epss", "scoring_elements": "0.84689", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621866", "reference_id": "621866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675036", "reference_id": "675036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675036" }, { "reference_url": "https://security.gentoo.org/glsa/201412-09", "reference_id": "GLSA-201412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0390", "reference_id": "RHSA-2011:0390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0390" }, { "reference_url": "https://usn.ubuntu.com/1124-1/", "reference_id": "USN-1124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4573?format=api", "purl": "pkg:deb/debian/rsync@3.0.9-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gg-j4vp-7bef" }, { "vulnerability": "VCID-2c6b-ufgq-fbcw" }, { "vulnerability": "VCID-3nrj-48zt-8yf7" }, { "vulnerability": "VCID-6j5d-25zc-r7es" }, { "vulnerability": "VCID-6zwq-zvsq-rfda" }, { "vulnerability": "VCID-ay5s-4hr1-8qe5" }, { "vulnerability": "VCID-be1r-cmk6-dyb9" }, { "vulnerability": "VCID-bvzk-j9h5-zkem" }, { "vulnerability": "VCID-c97r-cqv2-r3h4" }, { "vulnerability": "VCID-f9zn-2jhn-jqg4" }, { "vulnerability": "VCID-jrfy-z2we-n7cz" }, { "vulnerability": "VCID-kxm2-1khw-suaq" }, { "vulnerability": "VCID-mwde-7pds-33c5" }, { "vulnerability": "VCID-nh72-az7j-wqde" }, { "vulnerability": "VCID-rt4a-vn86-vfd1" }, { "vulnerability": "VCID-rub5-mpqy-qke8" }, { "vulnerability": "VCID-tm8c-43cn-3fa4" }, { "vulnerability": "VCID-uaqx-g92v-sbdh" }, { "vulnerability": "VCID-vfqu-z1s4-mfa2" }, { "vulnerability": "VCID-wc4u-jz1n-eff9" }, { "vulnerability": "VCID-yamy-3z1h-kqaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.9-4" } ], "aliases": [ "CVE-2011-1097" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x81r-ud9r-8ybd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3588?format=api", "vulnerability_id": "VCID-yamy-3z1h-kqaf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12087.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87174", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87184", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87181", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87178", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "reference_id": "2330672", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672" }, { "reference_url": "https://kb.cert.org/vuls/id/952657", "reference_id": "952657", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://kb.cert.org/vuls/id/952657" }, { "reference_url": "https://security.archlinux.org/ASA-202501-1", "reference_id": "ASA-202501-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202501-1" }, { "reference_url": "https://security.archlinux.org/AVG-2858", "reference_id": "AVG-2858", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6", "reference_id": "cpe:/o:redhat:rhel_els:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-12087", "reference_id": "CVE-2024-12087", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-12087" }, { "reference_url": "https://security.gentoo.org/glsa/202501-01", "reference_id": "GLSA-202501-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-01" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:6470", "reference_id": "RHBA-2025:6470", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:6470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23154", "reference_id": "RHSA-2025:23154", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23235", "reference_id": "RHSA-2025:23235", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23407", "reference_id": "RHSA-2025:23407", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23415", "reference_id": "RHSA-2025:23415", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23416", "reference_id": "RHSA-2025:23416", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23842", "reference_id": "RHSA-2025:23842", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23853", "reference_id": "RHSA-2025:23853", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23854", "reference_id": "RHSA-2025:23854", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23858", "reference_id": "RHSA-2025:23858", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2600", "reference_id": "RHSA-2025:2600", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7050", "reference_id": "RHSA-2025:7050", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7206-1/", "reference_id": "USN-7206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-1/" }, { "reference_url": "https://usn.ubuntu.com/7206-3/", "reference_id": "USN-7206-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7206-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195406?format=api", "purl": "pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w3c-s3ph-v7fk" }, { "vulnerability": "VCID-eyj3-gsf2-u7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-12087" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yamy-3z1h-kqaf" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.3.2-1.2" }