Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/516246?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "type": "deb", "namespace": "debian", "name": "libvpx", "version": "1.7.0-3+deb10u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.0-1+deb12u5", "latest_non_vulnerable_version": "1.12.0-1+deb12u5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77756?format=api", "vulnerability_id": "VCID-3b52-zd7f-j7cs", "summary": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91336", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91329", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91338", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91333", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788966", "reference_id": "1788966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788966" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3876", "reference_id": "RHSA-2020:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4629", "reference_id": "RHSA-2020:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4629" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" }, { "reference_url": "https://usn.ubuntu.com/4199-2/", "reference_id": "USN-4199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9232" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b52-zd7f-j7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77758?format=api", "vulnerability_id": "VCID-3w93-g24j-dbex", "summary": "In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9371.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.086", "scoring_system": "epss", "scoring_elements": "0.92565", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.086", "scoring_system": "epss", "scoring_elements": "0.92577", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.086", "scoring_system": "epss", "scoring_elements": "0.92567", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.086", "scoring_system": "epss", "scoring_elements": "0.92573", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.086", "scoring_system": "epss", "scoring_elements": "0.92569", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789004", "reference_id": "1789004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789004" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4629", "reference_id": "RHSA-2020:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4629" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9371" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3w93-g24j-dbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77768?format=api", "vulnerability_id": "VCID-8j9y-bsgf-bfhy", "summary": "There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55843", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55848", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55835", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291198", "reference_id": "2291198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291198" }, { "reference_url": "https://g-issues.chromium.org/issues/332382766", "reference_id": "332382766", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T17:27:56Z/" } ], "url": "https://g-issues.chromium.org/issues/332382766" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T17:27:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5941", "reference_id": "RHSA-2024:5941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9827", "reference_id": "RHSA-2024:9827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14138", "reference_id": "RHSA-2025:14138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14139", "reference_id": "RHSA-2025:14139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14140", "reference_id": "RHSA-2025:14140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14140" }, { "reference_url": "https://usn.ubuntu.com/6814-1/", "reference_id": "USN-6814-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6814-1/" }, { "reference_url": "https://usn.ubuntu.com/7249-1/", "reference_id": "USN-7249-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7249-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2024-5197" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8j9y-bsgf-bfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77757?format=api", "vulnerability_id": "VCID-9g4r-vw9q-dqfv", "summary": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92489", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92491", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92497", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92492", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789002", "reference_id": "1789002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789002" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9325" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g4r-vw9q-dqfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1090?format=api", "vulnerability_id": "VCID-ghpk-c1e6-pkae", "summary": "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89879", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89877", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89878", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "mfsa2023-44", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghpk-c1e6-pkae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/741?format=api", "vulnerability_id": "VCID-kssx-csgu-3yg3", "summary": "A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50903", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50933", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50954", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50949", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689", "reference_id": "1106689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749", "reference_id": "2368749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749" }, { "reference_url": "https://issues.chromium.org/issues/419467315", "reference_id": "419467315", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://issues.chromium.org/issues/419467315" }, { "reference_url": "https://security.gentoo.org/glsa/202509-07", "reference_id": "GLSA-202509-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9118", "reference_id": "RHSA-2025:9118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9119", "reference_id": "RHSA-2025:9119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9120", "reference_id": "RHSA-2025:9120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9122", "reference_id": "RHSA-2025:9122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9123", "reference_id": "RHSA-2025:9123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9124", "reference_id": "RHSA-2025:9124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9125", "reference_id": "RHSA-2025:9125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9126", "reference_id": "RHSA-2025:9126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9127", "reference_id": "RHSA-2025:9127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9128", "reference_id": "RHSA-2025:9128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9331", "reference_id": "RHSA-2025:9331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9331" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://usn.ubuntu.com/7551-1/", "reference_id": "USN-7551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7551-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/989668?format=api", "purl": "pkg:deb/debian/libvpx@1.12.0-1%2Bdeb12u5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.12.0-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-5283" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kssx-csgu-3yg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77761?format=api", "vulnerability_id": "VCID-m32e-5bgp-nqfg", "summary": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9433.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91865", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91877", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91875", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91879", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91876", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788994", "reference_id": "1788994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788994" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3876", "reference_id": "RHSA-2020:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4629", "reference_id": "RHSA-2020:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4629" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" }, { "reference_url": "https://usn.ubuntu.com/4199-2/", "reference_id": "USN-4199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9433" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m32e-5bgp-nqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77766?format=api", "vulnerability_id": "VCID-pwcn-bk3c-eycm", "summary": "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44488.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44488.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01446", "scoring_system": "epss", "scoring_elements": "0.81119", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01446", "scoring_system": "epss", "scoring_elements": "0.81124", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01446", "scoring_system": "epss", "scoring_elements": "0.81128", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44488" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806", "reference_id": "2241806", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f", "reference_id": "263682c9a29395055f3b3afe2d97be1828a6223f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937", "reference_id": "df9fd9d5b7325060b2b921558a1eb20ca7880937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5518", "reference_id": "dsa-5518", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6162", "reference_id": "RHSA-2023:6162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6185", "reference_id": "RHSA-2023:6185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6186", "reference_id": "RHSA-2023:6186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6187", "reference_id": "RHSA-2023:6187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6188", "reference_id": "RHSA-2023:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6189", "reference_id": "RHSA-2023:6189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6190", "reference_id": "RHSA-2023:6190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6191", "reference_id": "RHSA-2023:6191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6192", "reference_id": "RHSA-2023:6192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6194", "reference_id": "RHSA-2023:6194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6195", "reference_id": "RHSA-2023:6195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6196", "reference_id": "RHSA-2023:6196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6197", "reference_id": "RHSA-2023:6197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6198", "reference_id": "RHSA-2023:6198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6199", "reference_id": "RHSA-2023:6199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6199" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1", "reference_id": "v1.13.0...v1.13.1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:14:51Z/" } ], "url": "https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-44488" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwcn-bk3c-eycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/399?format=api", "vulnerability_id": "VCID-vzpq-6jd2-duhf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05385", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05322", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05361", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05366", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283", "reference_id": "1128283", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "reference_id": "2440219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-10/", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-11/", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3967", "reference_id": "RHSA-2026:3967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4447", "reference_id": "RHSA-2026:4447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4629", "reference_id": "RHSA-2026:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5227", "reference_id": "RHSA-2026:5227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5228", "reference_id": "RHSA-2026:5228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5229", "reference_id": "RHSA-2026:5229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5230", "reference_id": "RHSA-2026:5230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5231", "reference_id": "RHSA-2026:5231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5319", "reference_id": "RHSA-2026:5319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5320", "reference_id": "RHSA-2026:5320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5323", "reference_id": "RHSA-2026:5323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5324", "reference_id": "RHSA-2026:5324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5326", "reference_id": "RHSA-2026:5326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390", "reference_id": "show_bug.cgi?id=2014390", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390" }, { "reference_url": "https://usn.ubuntu.com/8053-1/", "reference_id": "USN-8053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/989668?format=api", "purl": "pkg:deb/debian/libvpx@1.12.0-1%2Bdeb12u5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.12.0-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2447" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzpq-6jd2-duhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77767?format=api", "vulnerability_id": "VCID-z6ey-m1f2-tucd", "summary": "A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6349.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6349.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23258", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23371", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23357", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23312", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6349" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://crbug.com/webm/1642", "reference_id": "1642", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N/AU:N/R:A/V:D" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:01:21Z/" } ], "url": "https://crbug.com/webm/1642" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283553", "reference_id": "2283553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5941", "reference_id": "RHSA-2024:5941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4128", "reference_id": "RHSA-2026:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-6349" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z6ey-m1f2-tucd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77756?format=api", "vulnerability_id": "VCID-3b52-zd7f-j7cs", "summary": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91336", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91329", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91338", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06582", "scoring_system": "epss", "scoring_elements": "0.91333", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788966", "reference_id": "1788966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788966" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3876", "reference_id": "RHSA-2020:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4629", "reference_id": "RHSA-2020:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4629" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" }, { "reference_url": "https://usn.ubuntu.com/4199-2/", "reference_id": "USN-4199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515753?format=api", "purl": "pkg:deb/debian/libvpx@1.6.1-3%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-4hp6-vfc9-1ken" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-mf2t-21nk-jybg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.1-3%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9232" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b52-zd7f-j7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77754?format=api", "vulnerability_id": "VCID-4hp6-vfc9-1ken", "summary": "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13194.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01253", "scoring_system": "epss", "scoring_elements": "0.79684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01253", "scoring_system": "epss", "scoring_elements": "0.7971", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01253", "scoring_system": "epss", "scoring_elements": "0.79701", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01253", "scoring_system": "epss", "scoring_elements": "0.79716", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01253", "scoring_system": "epss", "scoring_elements": "0.79711", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13194" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535183", "reference_id": "1535183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535183" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" }, { "reference_url": "https://usn.ubuntu.com/4199-2/", "reference_id": "USN-4199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6186?format=api", "purl": "pkg:deb/debian/libvpx@1.3.0-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2crz-j51e-byc3" }, { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-4hp6-vfc9-1ken" }, { "vulnerability": "VCID-6yzw-8u6j-17bv" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9d3h-cyw4-zyck" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-bezz-tud7-8fgs" }, { "vulnerability": "VCID-cwdt-7ey1-5bax" }, { "vulnerability": "VCID-ew15-2e35-p3g1" }, { "vulnerability": "VCID-g8hv-2v41-7qbt" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-jn2h-kc5s-qqaa" }, { "vulnerability": "VCID-k1v4-mfs7-1kbv" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-mf2t-21nk-jybg" }, { "vulnerability": "VCID-murn-vd2z-63ec" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.3.0-3%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/515753?format=api", "purl": "pkg:deb/debian/libvpx@1.6.1-3%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-4hp6-vfc9-1ken" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-mf2t-21nk-jybg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.1-3%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" } ], "aliases": [ "CVE-2017-13194" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hp6-vfc9-1ken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77757?format=api", "vulnerability_id": "VCID-9g4r-vw9q-dqfv", "summary": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92489", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92491", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92497", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08443", "scoring_system": "epss", "scoring_elements": "0.92492", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789002", "reference_id": "1789002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789002" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515753?format=api", "purl": "pkg:deb/debian/libvpx@1.6.1-3%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-4hp6-vfc9-1ken" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-mf2t-21nk-jybg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.1-3%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9325" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g4r-vw9q-dqfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77761?format=api", "vulnerability_id": "VCID-m32e-5bgp-nqfg", "summary": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9433.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91865", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91877", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91875", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91879", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07386", "scoring_system": "epss", "scoring_elements": "0.91876", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788994", "reference_id": "1788994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788994" }, { "reference_url": "https://security.gentoo.org/glsa/202003-59", "reference_id": "GLSA-202003-59", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3876", "reference_id": "RHSA-2020:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4629", "reference_id": "RHSA-2020:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4629" }, { "reference_url": "https://usn.ubuntu.com/4199-1/", "reference_id": "USN-4199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-1/" }, { "reference_url": "https://usn.ubuntu.com/4199-2/", "reference_id": "USN-4199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515753?format=api", "purl": "pkg:deb/debian/libvpx@1.6.1-3%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-4hp6-vfc9-1ken" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-mf2t-21nk-jybg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.1-3%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585192?format=api", "purl": "pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.9.0-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9433" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m32e-5bgp-nqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77764?format=api", "vulnerability_id": "VCID-mf2t-21nk-jybg", "summary": "In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08121", "scoring_system": "epss", "scoring_elements": "0.9231", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08121", "scoring_system": "epss", "scoring_elements": "0.92324", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08121", "scoring_system": "epss", "scoring_elements": "0.92317", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08121", "scoring_system": "epss", "scoring_elements": "0.92321", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08121", "scoring_system": "epss", "scoring_elements": "0.92318", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0034" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813000", "reference_id": "1813000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3876", "reference_id": "RHSA-2020:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3876" }, { "reference_url": "https://usn.ubuntu.com/5637-1/", "reference_id": "USN-5637-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5637-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516246?format=api", "purl": "pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b52-zd7f-j7cs" }, { "vulnerability": "VCID-3w93-g24j-dbex" }, { "vulnerability": "VCID-8j9y-bsgf-bfhy" }, { "vulnerability": "VCID-9g4r-vw9q-dqfv" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-kssx-csgu-3yg3" }, { "vulnerability": "VCID-m32e-5bgp-nqfg" }, { "vulnerability": "VCID-pwcn-bk3c-eycm" }, { "vulnerability": "VCID-vzpq-6jd2-duhf" }, { "vulnerability": "VCID-z6ey-m1f2-tucd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" } ], "aliases": [ "CVE-2020-0034" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mf2t-21nk-jybg" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.7.0-3%252Bdeb10u1" }