Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582484?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "expat", "version": "2.5.0-1+deb12u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.6.0-1", "latest_non_vulnerable_version": "2.7.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=api", "vulnerability_id": "VCID-77y6-jskt-qucb", "summary": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/1018", "reference_id": "1018", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/1018" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1034", "reference_id": "1034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298", "reference_id": "1115298", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "reference_id": "2395108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108" }, { "reference_url": "https://issues.oss-fuzz.com/issues/439133977", "reference_id": "439133977", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://issues.oss-fuzz.com/issues/439133977" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "reference_id": "Changes#L45-L74", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19403", "reference_id": "RHSA-2025:19403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21030", "reference_id": "RHSA-2025:21030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21773", "reference_id": "RHSA-2025:21773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21974", "reference_id": "RHSA-2025:21974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22175", "reference_id": "RHSA-2025:22175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22618", "reference_id": "RHSA-2025:22618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22935", "reference_id": "RHSA-2025:22935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23227", "reference_id": "RHSA-2025:23227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23248", "reference_id": "RHSA-2025:23248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23550", "reference_id": "RHSA-2025:23550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0332", "reference_id": "RHSA-2026:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0420", "reference_id": "RHSA-2026:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0518", "reference_id": "RHSA-2026:0518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0674", "reference_id": "RHSA-2026:0674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0677", "reference_id": "RHSA-2026:0677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0996", "reference_id": "RHSA-2026:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3407", "reference_id": "RHSA-2026:3407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922063?format=api", "purl": "pkg:deb/debian/expat@2.7.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59375" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64254?format=api", "vulnerability_id": "VCID-jqe4-44gw-wbhu", "summary": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01691", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01698", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01684", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01674", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131118", "reference_id": "1131118", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131118" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1159", "reference_id": "1159", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:55:22Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1159" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/1161", "reference_id": "1161", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:55:22Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/1161" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1162", "reference_id": "1162", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:55:22Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447890", "reference_id": "2447890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447890" }, { "reference_url": "https://issues.oss-fuzz.com/issues/486993411", "reference_id": "486993411", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:55:22Z/" } ], "url": "https://issues.oss-fuzz.com/issues/486993411" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32777" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-44gw-wbhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64253?format=api", "vulnerability_id": "VCID-nktd-7gph-kkb1", "summary": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02312", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02317", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02307", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131119", "reference_id": "1131119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131119" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1159", "reference_id": "1159", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:38:41Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1159" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1163", "reference_id": "1163", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:38:41Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447885", "reference_id": "2447885", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32778" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nktd-7gph-kkb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77771?format=api", "vulnerability_id": "VCID-qmx9-wkj4-67h3", "summary": "expat: recursive XML entity expansion vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52426.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52426.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05799", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05869", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05867", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404", "reference_id": "0f075ec8ecb5e43f8fdca5182f8cca4703da0404", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063240", "reference_id": "1063240", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063240" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262879", "reference_id": "2262879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262879" }, { "reference_url": "https://cwe.mitre.org/data/definitions/776.html", "reference_id": "776.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://cwe.mitre.org/data/definitions/776.html" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/777", "reference_id": "777", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/777" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0005/", "reference_id": "ntap-20240307-0005", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0005/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/", "reference_id": "PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/", "reference_id": "WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:54:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586423?format=api", "purl": "pkg:deb/debian/expat@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-52426" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx9-wkj4-67h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77272?format=api", "vulnerability_id": "VCID-u5pr-wheu-h7c6", "summary": "expat: XML Entity Expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78877", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78879", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.7914", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.7913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79115", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/15/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/15/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065868", "reference_id": "1065868", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766", "reference_id": "2268766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/839", "reference_id": "839", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/839" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/842", "reference_id": "842", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/842" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/", "reference_id": "FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/", "reference_id": "LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240322-0001/", "reference_id": "ntap-20240322-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240322-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1530", "reference_id": "RHSA-2024:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3926", "reference_id": "RHSA-2024:3926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3876", "reference_id": "RHSA-2026:3876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4465", "reference_id": "RHSA-2026:4465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4480", "reference_id": "RHSA-2026:4480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5087", "reference_id": "RHSA-2026:5087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5087" }, { "reference_url": "https://usn.ubuntu.com/6694-1/", "reference_id": "USN-6694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6694-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/", "reference_id": "VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-11T13:15:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922061?format=api", "purl": "pkg:deb/debian/expat@2.6.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-28757" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5pr-wheu-h7c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64825?format=api", "vulnerability_id": "VCID-utz3-ytaf-cbht", "summary": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25210", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00357", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00345", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00487", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00483", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1075", "reference_id": "1075", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:53:34Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1075" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126697", "reference_id": "1126697", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126697" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435454", "reference_id": "2435454", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435454" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7", "reference_id": "9c2d990389e6abe2e44527eeaa8b39f16fe859c7", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:53:34Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" }, { "reference_url": "https://usn.ubuntu.com/8022-2/", "reference_id": "USN-8022-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-2/" }, { "reference_url": "https://usn.ubuntu.com/8023-1/", "reference_id": "USN-8023-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922065?format=api", "purl": "pkg:deb/debian/expat@2.7.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-25210" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utz3-ytaf-cbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64255?format=api", "vulnerability_id": "VCID-v41j-xj8s-m7ar", "summary": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02312", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02317", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02307", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131117", "reference_id": "1131117", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131117" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1158", "reference_id": "1158", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:58:32Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1158" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1159", "reference_id": "1159", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:58:32Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447888", "reference_id": "2447888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32776" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v41j-xj8s-m7ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64890?format=api", "vulnerability_id": "VCID-yw8s-ezc7-6ub8", "summary": "libexpat: libexpat null pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24515", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00366", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00351", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00369", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00357", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00354", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126277", "reference_id": "1126277", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126277" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1131", "reference_id": "1131", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T15:31:37Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432312", "reference_id": "2432312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432312" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" }, { "reference_url": "https://usn.ubuntu.com/8022-2/", "reference_id": "USN-8022-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-2/" }, { "reference_url": "https://usn.ubuntu.com/8023-1/", "reference_id": "USN-8023-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922064?format=api", "purl": "pkg:deb/debian/expat@2.7.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-24515" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw8s-ezc7-6ub8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48158?format=api", "vulnerability_id": "VCID-1fms-7y9v-dfc5", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0340.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1867", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18572", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18477", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109", "reference_id": "1000109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001864", "reference_id": "1001864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001864" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922060?format=api", "purl": "pkg:deb/debian/expat@2.4.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0340" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fms-7y9v-dfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31414?format=api", "vulnerability_id": "VCID-28yc-wkq6-c7hb", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32526", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32491", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32518", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350", "reference_id": "2056350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/558", "reference_id": "558", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/558" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584125?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584126?format=api", "purl": "pkg:deb/debian/expat@2.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25313" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28yc-wkq6-c7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48161?format=api", "vulnerability_id": "VCID-3465-gq22-3kfy", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" }, { "reference_url": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2824.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2824.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0718.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.8617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.8615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86176", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86174", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86115", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86131", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0718" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472" }, { "reference_url": "http://seclists.org/fulldisclosure/2017/Feb/68", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2017/Feb/68" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365" }, { "reference_url": "https://source.android.com/security/bulletin/2016-11-01.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "reference_url": "https://support.apple.com/HT206903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT206903" }, { "reference_url": "http://support.eset.com/ca6333/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.eset.com/ca6333/" }, { "reference_url": "https://www.tenable.com/security/tns-2016-20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2016-20" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3582", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3582" }, { "reference_url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/05/17/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/12" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.securityfocus.com/bid/90729", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90729" }, { "reference_url": "http://www.securitytracker.com/id/1036348", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036348" }, { "reference_url": "http://www.securitytracker.com/id/1036415", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036415" }, { "reference_url": "http://www.securitytracker.com/id/1037705", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037705" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2983-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2983-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3044-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3044-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", "reference_id": "1296102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718", "reference_id": "CVE-2016-0718", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", "reference_id": "CVE-2016-0718", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-68", "reference_id": "mfsa2016-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2824", "reference_id": "RHSA-2016:2824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2824" }, { "reference_url": "https://usn.ubuntu.com/2983-1/", "reference_id": "USN-2983-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2983-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/3044-1/", "reference_id": "USN-3044-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3044-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584606?format=api", "purl": "pkg:deb/debian/expat@2.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0718" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3465-gq22-3kfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31400?format=api", "vulnerability_id": "VCID-4c32-p11r-zud5", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57039", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57133", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57176", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994", "reference_id": "1002994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451", "reference_id": "2044451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/531", "reference_id": "531", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/531" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/534", "reference_id": "534", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/534" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0004/", "reference_id": "ntap-20220121-0004", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609", "reference_id": "show_bug.cgi?id=1217609", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45960" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c32-p11r-zud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3717?format=api", "vulnerability_id": "VCID-4zzy-q5zp-jkgm", "summary": "A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3720.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81381", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.8131", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01541", "scoring_system": "epss", "scoring_elements": "0.81394", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697", "reference_id": "531697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936", "reference_id": "551936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560919", "reference_id": "560919", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560919" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560920", "reference_id": "560920", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560920" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560921", "reference_id": "560921", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560922", "reference_id": "560922", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560926", "reference_id": "560926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560926" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560927", "reference_id": "560927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560927" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928", "reference_id": "560928", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560929", "reference_id": "560929", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560929" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560930", "reference_id": "560930", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560930" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560935", "reference_id": "560935", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560936", "reference_id": "560936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560936" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560937", "reference_id": "560937", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560937" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940", "reference_id": "560940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560942", "reference_id": "560942", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560942" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560950", "reference_id": "560950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560950" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601053", "reference_id": "601053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-3720.json", "reference_id": "CVE-2009-3720", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-3720.json" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1572", "reference_id": "RHSA-2009:1572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1625", "reference_id": "RHSA-2009:1625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0002", "reference_id": "RHSA-2010:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0491", "reference_id": "RHSA-2011:0491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0492", "reference_id": "RHSA-2011:0492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://usn.ubuntu.com/890-1/", "reference_id": "USN-890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-1/" }, { "reference_url": "https://usn.ubuntu.com/890-2/", "reference_id": "USN-890-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-2/" }, { "reference_url": "https://usn.ubuntu.com/890-3/", "reference_id": "USN-890-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-3/" }, { "reference_url": "https://usn.ubuntu.com/890-4/", "reference_id": "USN-890-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-4/" }, { "reference_url": "https://usn.ubuntu.com/890-5/", "reference_id": "USN-890-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-5/" }, { "reference_url": "https://usn.ubuntu.com/890-6/", "reference_id": "USN-890-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583702?format=api", "purl": "pkg:deb/debian/expat@2.0.1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-3720" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zzy-q5zp-jkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7425?format=api", "vulnerability_id": "VCID-6c4q-2my8-aqbc", "summary": "Uncontrolled Resource Consumption\nThe XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5300.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84356", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.8437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84393", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84414", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://source.android.com/security/bulletin/2016-11-01.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "reference_url": "https://www.tenable.com/security/tns-2016-20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2016-20" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3597" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/04/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/06/04/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/04/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/06/04/5" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.securityfocus.com/bid/91159", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91159" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3010-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3010-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343085", "reference_id": "1343085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343085" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300", "reference_id": "CVE-2016-5300", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3010-1/", "reference_id": "USN-3010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3010-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584300?format=api", "purl": "pkg:deb/debian/expat@2.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5300" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6c4q-2my8-aqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62674?format=api", "vulnerability_id": "VCID-6pk2-g77j-h3b2", "summary": "An integer overflow during the parsing of XML using the Expat library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85136", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85086", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85104", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3898" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "http://www.securitytracker.com/id/1039427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540", "reference_id": "1396540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/ASA-201706-32", "reference_id": "ASA-201706-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-32" }, { "reference_url": "https://security.archlinux.org/ASA-201707-27", "reference_id": "ASA-201707-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-27" }, { "reference_url": "https://security.archlinux.org/AVG-305", "reference_id": "AVG-305", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-305" }, { "reference_url": "https://security.archlinux.org/AVG-306", "reference_id": "AVG-306", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-306" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9063", "reference_id": "CVE-2016-9063", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9063" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584342?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9063" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pk2-g77j-h3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77770?format=api", "vulnerability_id": "VCID-7ndj-4zn8-cqa4", "summary": "expat: parsing large tokens can trigger a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81365", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81421", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81429", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063238", "reference_id": "1063238", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063238" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877", "reference_id": "2262877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/20/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/789", "reference_id": "789", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/789" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0003/", "reference_id": "ntap-20240614-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/", "reference_id": "PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1530", "reference_id": "RHSA-2024:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1615", "reference_id": "RHSA-2024:1615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2575", "reference_id": "RHSA-2024:2575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2839", "reference_id": "RHSA-2024:2839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3926", "reference_id": "RHSA-2024:3926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4259", "reference_id": "RHSA-2024:4259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/6694-1/", "reference_id": "USN-6694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6694-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/", "reference_id": "WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583730?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586423?format=api", "purl": "pkg:deb/debian/expat@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-52425" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ndj-4zn8-cqa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31410?format=api", "vulnerability_id": "VCID-94fm-s7mp-vfdb", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23852.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23852.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82326", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82284", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82279", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01707", "scoring_system": "epss", "scoring_elements": "0.82306", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613", "reference_id": "2044613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/550", "reference_id": "550", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/550" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0001/", "reference_id": "ntap-20220217-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4834", "reference_id": "RHSA-2022:4834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583549?format=api", "purl": "pkg:deb/debian/expat@2.4.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23852" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94fm-s7mp-vfdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48157?format=api", "vulnerability_id": "VCID-96wu-nph4-5yb5", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6702.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70347", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70376", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70285", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70292", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70352", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://source.android.com/security/bulletin/2016-11-01.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "reference_url": "https://www.tenable.com/security/tns-2016-20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2016-20" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3597" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/03/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/06/03/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/04/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/06/04/1" }, { "reference_url": "http://www.securityfocus.com/bid/91483", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91483" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3010-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3010-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319731", "reference_id": "1319731", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319731" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6702", "reference_id": "CVE-2012-6702", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6702" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3010-1/", "reference_id": "USN-3010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3010-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584300?format=api", "purl": "pkg:deb/debian/expat@2.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-6702" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96wu-nph4-5yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31407?format=api", "vulnerability_id": "VCID-9ern-6htc-p7c4", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42705", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "reference_id": "2044484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22826" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ern-6htc-p7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166241?format=api", "vulnerability_id": "VCID-awtz-ujdq-efht", "summary": "The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04738", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04799", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04842", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04834", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582877?format=api", "purl": "pkg:deb/debian/expat@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11742" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awtz-ujdq-efht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31416?format=api", "vulnerability_id": "VCID-cy2n-zexk-jyda", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25315.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91915", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.9192", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91923", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91924", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91921", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07704", "scoring_system": "epss", "scoring_elements": "0.91903", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363", "reference_id": "2056363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/559", "reference_id": "559", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/559" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584125?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584126?format=api", "purl": "pkg:deb/debian/expat@2.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25315" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy2n-zexk-jyda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47563?format=api", "vulnerability_id": "VCID-d26t-ex9d-x3ev", "summary": "Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69351", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69358", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.6938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69364", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150", "reference_id": "1080150", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616", "reference_id": "2308616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/888", "reference_id": "888", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/888" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/891", "reference_id": "891", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/891" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8859", "reference_id": "RHSA-2024:8859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" }, { "reference_url": "https://usn.ubuntu.com/7001-1/", "reference_id": "USN-7001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-1/" }, { "reference_url": "https://usn.ubuntu.com/7001-2/", "reference_id": "USN-7001-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583730?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583731?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583732?format=api", "purl": "pkg:deb/debian/expat@2.6.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45491" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d26t-ex9d-x3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31406?format=api", "vulnerability_id": "VCID-dy3x-vd1y-dbbn", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42705", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "reference_id": "2044479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22825" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy3x-vd1y-dbbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46539?format=api", "vulnerability_id": "VCID-e742-j1bw-jbbh", "summary": "Multiple vulnerabilities have been found in Expat, possibly\n resulting in Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79597", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79603", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79626", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.79821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.7985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.79858", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.7988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.79863", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01317", "scoring_system": "epss", "scoring_elements": "0.79855", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579", "reference_id": "663579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672", "reference_id": "687672", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=801648", "reference_id": "801648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801648" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0731", "reference_id": "RHSA-2012:0731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" }, { "reference_url": "https://usn.ubuntu.com/1527-1/", "reference_id": "USN-1527-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-1/" }, { "reference_url": "https://usn.ubuntu.com/1527-2/", "reference_id": "USN-1527-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-2/" }, { "reference_url": "https://usn.ubuntu.com/1613-1/", "reference_id": "USN-1613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-1/" }, { "reference_url": "https://usn.ubuntu.com/1613-2/", "reference_id": "USN-1613-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-2/" }, { "reference_url": "https://usn.ubuntu.com/7307-1/", "reference_id": "USN-7307-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7307-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582482?format=api", "purl": "pkg:deb/debian/expat@2.1.0~beta3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0~beta3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1148" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e742-j1bw-jbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46538?format=api", "vulnerability_id": "VCID-f8mk-n3um-mufk", "summary": "Multiple vulnerabilities have been found in Expat, possibly\n resulting in Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78472", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78509", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78524", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78549", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78531", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01154", "scoring_system": "epss", "scoring_elements": "0.78523", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=801634", "reference_id": "801634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801634" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582877?format=api", "purl": "pkg:deb/debian/expat@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8mk-n3um-mufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31405?format=api", "vulnerability_id": "VCID-gf3f-k2be-67e2", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62566", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62606", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "reference_id": "2044467", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22824" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf3f-k2be-67e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47562?format=api", "vulnerability_id": "VCID-gtcn-kyd2-xqdk", "summary": "Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6703", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67062", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67006", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149", "reference_id": "1080149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615", "reference_id": "2308615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/887", "reference_id": "887", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/887" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/890", "reference_id": "890", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/890" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" }, { "reference_url": "https://usn.ubuntu.com/7001-1/", "reference_id": "USN-7001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-1/" }, { "reference_url": "https://usn.ubuntu.com/7001-2/", "reference_id": "USN-7001-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583730?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583731?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583732?format=api", "purl": "pkg:deb/debian/expat@2.6.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45490" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtcn-kyd2-xqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48162?format=api", "vulnerability_id": "VCID-h5xc-cubs-5fgu", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84645", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84649", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8457", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84605", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84607", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84629", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84635", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365" }, { "reference_url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde" }, { "reference_url": "https://www.tenable.com/security/tns-2016-20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2016-20" }, { "reference_url": "http://www.securityfocus.com/bid/91528", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91528" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3013-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3013-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", "reference_id": "1344251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4472", "reference_id": "CVE-2016-4472", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4472" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584606?format=api", "purl": "pkg:deb/debian/expat@2.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4472" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5xc-cubs-5fgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73066?format=api", "vulnerability_id": "VCID-k2kp-fv3q-vyh2", "summary": "libexpat: expat: DoS via XML_ResumeParser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32074", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31987", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134", "reference_id": "1086134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987", "reference_id": "2321987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/915", "reference_id": "915", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T18:00:51Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11200", "reference_id": "RHSA-2024:11200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9502", "reference_id": "RHSA-2024:9502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9541", "reference_id": "RHSA-2024:9541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3350", "reference_id": "RHSA-2025:3350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3350" }, { "reference_url": "https://usn.ubuntu.com/7145-1/", "reference_id": "USN-7145-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7145-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582893?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582894?format=api", "purl": "pkg:deb/debian/expat@2.6.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-50602" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2kp-fv3q-vyh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31409?format=api", "vulnerability_id": "VCID-kp8z-47q5-n7es", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51305", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51316", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51325", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "reference_id": "2044488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22827" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp8z-47q5-n7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31413?format=api", "vulnerability_id": "VCID-mddr-7zar-6kfn", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91731", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91721", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07383", "scoring_system": "epss", "scoring_elements": "0.91708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09358", "scoring_system": "epss", "scoring_elements": "0.92751", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09358", "scoring_system": "epss", "scoring_elements": "0.92757", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005895", "reference_id": "1005895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005895" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370", "reference_id": "2056370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/561", "reference_id": "561", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/561" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" }, { "reference_url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "reference_id": "Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584125?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584126?format=api", "purl": "pkg:deb/debian/expat@2.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25236" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mddr-7zar-6kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10808?format=api", "vulnerability_id": "VCID-naf7-p1jf-z3ds", "summary": "Improper Restriction of XML External Entity Reference\n`libexpat` in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90302", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90361", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/186", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/186" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_id": "11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723", "reference_id": "1723723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262", "reference_id": "262", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/39" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", "reference_id": "931031", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/", "reference_id": "CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843", "reference_id": "CVE-2018-20843", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4472", "reference_id": "dsa-4472", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4472" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/", "reference_id": "IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/" }, { "reference_url": "https://support.f5.com/csp/article/K51011533", "reference_id": "K51011533", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://support.f5.com/csp/article/K51011533" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html", "reference_id": "msg00039.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190703-0001/", "reference_id": "ntap-20190703-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190703-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4846", "reference_id": "RHSA-2020:4846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/4040-1/", "reference_id": "USN-4040-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-1/" }, { "reference_url": "https://usn.ubuntu.com/4040-2/", "reference_id": "USN-4040-2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-2/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586093?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20843" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-naf7-p1jf-z3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70786?format=api", "vulnerability_id": "VCID-nguf-68jf-ryaz", "summary": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61762", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61781", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137", "reference_id": "2310137", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/893", "reference_id": "893", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/893" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/973", "reference_id": "973", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/973" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:devworkspace:0.33::el9", "reference_id": "cpe:/a:redhat:devworkspace:0.33::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:devworkspace:0.33::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8176", "reference_id": "CVE-2024-8176", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3531", "reference_id": "RHSA-2025:3531", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3734", "reference_id": "RHSA-2025:3734", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3913", "reference_id": "RHSA-2025:3913", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4048", "reference_id": "RHSA-2025:4048", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4446", "reference_id": "RHSA-2025:4446", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4447", "reference_id": "RHSA-2025:4447", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4448", "reference_id": "RHSA-2025:4448", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4449", "reference_id": "RHSA-2025:4449", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7444", "reference_id": "RHSA-2025:7444", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7512", "reference_id": "RHSA-2025:7512", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7424-1/", "reference_id": "USN-7424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7424-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922062?format=api", "purl": "pkg:deb/debian/expat@2.7.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-8176" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nguf-68jf-ryaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40854?format=api", "vulnerability_id": "VCID-nmh4-zpeh-4bcr", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" }, { "reference_url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41852", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41858", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41793", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41816", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/27" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/30" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/317", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/317" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/342", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/342" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/318", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/318" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/17" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/21" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/1" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Oct/29" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/30" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/37" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/" }, { "reference_url": "https://support.apple.com/kb/HT210785", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210785" }, { "reference_url": "https://support.apple.com/kb/HT210788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210788" }, { "reference_url": "https://support.apple.com/kb/HT210789", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210789" }, { "reference_url": "https://support.apple.com/kb/HT210790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210790" }, { "reference_url": "https://support.apple.com/kb/HT210793", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210793" }, { "reference_url": "https://support.apple.com/kb/HT210794", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210794" }, { "reference_url": "https://support.apple.com/kb/HT210795", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210795" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4530" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4549", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4549" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4571", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4571" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.tenable.com/security/tns-2021-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592", "reference_id": "1752592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394", "reference_id": "939394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/ASA-201910-17", "reference_id": "ASA-201910-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-17" }, { "reference_url": "https://security.archlinux.org/AVG-1053", "reference_id": "AVG-1053", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1053" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903", "reference_id": "CVE-2019-15903", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/4132-1/", "reference_id": "USN-4132-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-1/" }, { "reference_url": "https://usn.ubuntu.com/4132-2/", "reference_id": "USN-4132-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-2/" }, { "reference_url": "https://usn.ubuntu.com/4165-1/", "reference_id": "USN-4165-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4165-1/" }, { "reference_url": "https://usn.ubuntu.com/4202-1/", "reference_id": "USN-4202-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4202-1/" }, { "reference_url": "https://usn.ubuntu.com/4335-1/", "reference_id": "USN-4335-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4335-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586813?format=api", "purl": "pkg:deb/debian/expat@2.2.7-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.7-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15903" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmh4-zpeh-4bcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47564?format=api", "vulnerability_id": "VCID-nw3z-nwyg-87e5", "summary": "Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78845", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.7887", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.78862", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152", "reference_id": "1080152", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617", "reference_id": "2308617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/889", "reference_id": "889", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/889" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/892", "reference_id": "892", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/892" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583730?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583731?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583732?format=api", "purl": "pkg:deb/debian/expat@2.6.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.6.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45492" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw3z-nwyg-87e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31412?format=api", "vulnerability_id": "VCID-nw7y-2xct-8fa5", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.94153", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.9417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.94156", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.94166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.94175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13322", "scoring_system": "epss", "scoring_elements": "0.94142", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005894", "reference_id": "1005894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366", "reference_id": "2056366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/562", "reference_id": "562", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/562" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1539", "reference_id": "RHSA-2022:1539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1540", "reference_id": "RHSA-2022:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1643", "reference_id": "RHSA-2022:1643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1644", "reference_id": "RHSA-2022:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584125?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584126?format=api", "purl": "pkg:deb/debian/expat@2.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25235" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw7y-2xct-8fa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31417?format=api", "vulnerability_id": "VCID-pba8-g9ts-43bw", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.7793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77903", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77898", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77871", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761", "reference_id": "1019761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130769", "reference_id": "2130769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130769" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/629", "reference_id": "629", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/629" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/640", "reference_id": "640", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/640" }, { "reference_url": "https://security.archlinux.org/AVG-2815", "reference_id": "AVG-2815", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2815" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5236", "reference_id": "dsa-5236", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5236" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.gentoo.org/glsa/202211-06", "reference_id": "GLSA-202211-06", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.gentoo.org/glsa/202211-06" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/", "reference_id": "GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/", "reference_id": "J2IGJNHFV53PYST7VQV3T4NHVYAMXA36", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/", "reference_id": "LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47", "reference_id": "mfsa2022-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0008/", "reference_id": "ntap-20221028-0008", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221028-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6831", "reference_id": "RHSA-2022:6831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6832", "reference_id": "RHSA-2022:6832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6833", "reference_id": "RHSA-2022:6833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6834", "reference_id": "RHSA-2022:6834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6838", "reference_id": "RHSA-2022:6838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6878", "reference_id": "RHSA-2022:6878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6921", "reference_id": "RHSA-2022:6921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6967", "reference_id": "RHSA-2022:6967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6995", "reference_id": "RHSA-2022:6995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6995" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6996", "reference_id": "RHSA-2022:6996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6997", "reference_id": "RHSA-2022:6997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6998", "reference_id": "RHSA-2022:6998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7019", "reference_id": "RHSA-2022:7019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7020", "reference_id": "RHSA-2022:7020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7021", "reference_id": "RHSA-2022:7021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7022", "reference_id": "RHSA-2022:7022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7023", "reference_id": "RHSA-2022:7023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7024", "reference_id": "RHSA-2022:7024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7025", "reference_id": "RHSA-2022:7025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7026", "reference_id": "RHSA-2022:7026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8598", "reference_id": "RHSA-2022:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3068", "reference_id": "RHSA-2023:3068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3068" }, { "reference_url": "https://usn.ubuntu.com/5638-1/", "reference_id": "USN-5638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-1/" }, { "reference_url": "https://usn.ubuntu.com/5638-2/", "reference_id": "USN-5638-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-2/" }, { "reference_url": "https://usn.ubuntu.com/5638-4/", "reference_id": "USN-5638-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-4/" }, { "reference_url": "https://usn.ubuntu.com/5726-1/", "reference_id": "USN-5726-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5726-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/", "reference_id": "WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/", "reference_id": "XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584613?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584614?format=api", "purl": "pkg:deb/debian/expat@2.4.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.8-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-40674" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pba8-g9ts-43bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48160?format=api", "vulnerability_id": "VCID-qcbz-21vm-eqfd", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66862", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6679", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66829", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66854", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66826", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66875", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66908", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66894", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587", "reference_id": "1245587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484", "reference_id": "793484", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484" }, { "reference_url": "https://security.gentoo.org/glsa/201603-09", "reference_id": "GLSA-201603-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1499", "reference_id": "RHSA-2015:1499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1499" }, { "reference_url": "https://usn.ubuntu.com/2677-1/", "reference_id": "USN-2677-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2677-1/" }, { "reference_url": "https://usn.ubuntu.com/2726-1/", "reference_id": "USN-2726-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2726-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4772-1/", "reference_id": "USN-USN-4772-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4772-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586692?format=api", "purl": "pkg:deb/debian/expat@2.1.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1283" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcbz-21vm-eqfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3716?format=api", "vulnerability_id": "VCID-qtav-hqnd-b7fa", "summary": "A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3560.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3560.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86121", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86156", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0283", "scoring_system": "epss", "scoring_elements": "0.86168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03311", "scoring_system": "epss", "scoring_elements": "0.87253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03311", "scoring_system": "epss", "scoring_elements": "0.87257", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3560" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174", "reference_id": "533174", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560901", "reference_id": "560901", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560901" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560919", "reference_id": "560919", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560919" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560920", "reference_id": "560920", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560920" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560921", "reference_id": "560921", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560922", "reference_id": "560922", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560926", "reference_id": "560926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560926" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560927", "reference_id": "560927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560927" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928", "reference_id": "560928", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560929", "reference_id": "560929", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560929" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560930", "reference_id": "560930", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560930" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560935", "reference_id": "560935", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560936", "reference_id": "560936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560936" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560937", "reference_id": "560937", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560937" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940", "reference_id": "560940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560942", "reference_id": "560942", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560942" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601053", "reference_id": "601053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-3560.json", "reference_id": "CVE-2009-3560", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-3560.json" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1625", "reference_id": "RHSA-2009:1625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://usn.ubuntu.com/890-1/", "reference_id": "USN-890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-1/" }, { "reference_url": "https://usn.ubuntu.com/890-2/", "reference_id": "USN-890-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-2/" }, { "reference_url": "https://usn.ubuntu.com/890-3/", "reference_id": "USN-890-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-3/" }, { "reference_url": "https://usn.ubuntu.com/890-4/", "reference_id": "USN-890-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-4/" }, { "reference_url": "https://usn.ubuntu.com/890-5/", "reference_id": "USN-890-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-5/" }, { "reference_url": "https://usn.ubuntu.com/890-6/", "reference_id": "USN-890-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586344?format=api", "purl": "pkg:deb/debian/expat@2.0.1-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-3560" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtav-hqnd-b7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73009?format=api", "vulnerability_id": "VCID-r14v-u2r3-rkhz", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4851", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48578", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48575", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48571", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48565", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48521", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462729", "reference_id": "1462729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462729" }, { "reference_url": "https://security.archlinux.org/ASA-201706-32", "reference_id": "ASA-201706-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-32" }, { "reference_url": "https://security.archlinux.org/ASA-201707-27", "reference_id": "ASA-201707-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-27" }, { "reference_url": "https://security.archlinux.org/AVG-305", "reference_id": "AVG-305", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-305" }, { "reference_url": "https://security.archlinux.org/AVG-306", "reference_id": "AVG-306", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-306" }, { "reference_url": "https://usn.ubuntu.com/3356-1/", "reference_id": "USN-3356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3356-1/" }, { "reference_url": "https://usn.ubuntu.com/3356-2/", "reference_id": "USN-3356-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3356-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-4825-1/", "reference_id": "USN-USN-4825-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4825-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586608?format=api", "purl": "pkg:deb/debian/expat@2.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r14v-u2r3-rkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46537?format=api", "vulnerability_id": "VCID-ra3j-95vv-cfen", "summary": "Multiple vulnerabilities have been found in Expat, possibly\n resulting in Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0876.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53862", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53797", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53849", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53847", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53878", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579", "reference_id": "663579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672", "reference_id": "687672", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617", "reference_id": "786617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0731", "reference_id": "RHSA-2012:0731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0062", "reference_id": "RHSA-2016:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://usn.ubuntu.com/1527-1/", "reference_id": "USN-1527-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-1/" }, { "reference_url": "https://usn.ubuntu.com/1527-2/", "reference_id": "USN-1527-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-2/" }, { "reference_url": "https://usn.ubuntu.com/1613-1/", "reference_id": "USN-1613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-1/" }, { "reference_url": "https://usn.ubuntu.com/1613-2/", "reference_id": "USN-1613-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582482?format=api", "purl": "pkg:deb/debian/expat@2.1.0~beta3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0~beta3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0876" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ra3j-95vv-cfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34205?format=api", "vulnerability_id": "VCID-rjbn-1a88-87cj", "summary": "A vulnerability has been found in Expat which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6821", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743", "reference_id": "1022743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059", "reference_id": "2140059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/28/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/03/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/616", "reference_id": "616", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/649", "reference_id": "649", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/649" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/650", "reference_id": "650", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/650" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", "reference_id": "AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", "reference_id": "BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", "reference_id": "DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5266", "reference_id": "dsa-5266", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5266" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", "reference_id": "FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/" }, { "reference_url": "https://security.gentoo.org/glsa/202210-38", "reference_id": "GLSA-202210-38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.gentoo.org/glsa/202210-38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", "reference_id": "IUJ2BULJTZ2BMSKQHB6US674P55UCWWS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", "reference_id": "msg00033.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0007/", "reference_id": "ntap-20221118-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8548", "reference_id": "RHSA-2022:8548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8549", "reference_id": "RHSA-2022:8549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8550", "reference_id": "RHSA-2022:8550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8553", "reference_id": "RHSA-2022:8553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8554", "reference_id": "RHSA-2022:8554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0103", "reference_id": "RHSA-2023:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0337", "reference_id": "RHSA-2023:0337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0421", "reference_id": "RHSA-2024:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5638-2/", "reference_id": "USN-5638-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-2/" }, { "reference_url": "https://usn.ubuntu.com/5638-3/", "reference_id": "USN-5638-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-3/" }, { "reference_url": "https://usn.ubuntu.com/5638-4/", "reference_id": "USN-5638-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", "reference_id": "XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586642?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-43680" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rjbn-1a88-87cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31415?format=api", "vulnerability_id": "VCID-th9f-gg4v-bbbe", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58499", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58471", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58523", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354", "reference_id": "2056354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/560", "reference_id": "560", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/560" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584125?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584126?format=api", "purl": "pkg:deb/debian/expat@2.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25314" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th9f-gg4v-bbbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31411?format=api", "vulnerability_id": "VCID-tt7m-c9zc-1kem", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87631", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87642", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87644", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356", "reference_id": "2048356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/", "reference_id": "34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/551", "reference_id": "551", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/551" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/", "reference_id": "R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586331?format=api", "purl": "pkg:deb/debian/expat@2.4.3-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23990" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt7m-c9zc-1kem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31402?format=api", "vulnerability_id": "VCID-u2yw-sybk-uug8", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79929", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.7994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79933", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "reference_id": "2044457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22822" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2yw-sybk-uug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31403?format=api", "vulnerability_id": "VCID-uw5p-szmd-8qcm", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62606", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62566", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62617", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "reference_id": "2044464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/539", "reference_id": "539", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/539" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22823" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw5p-szmd-8qcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31401?format=api", "vulnerability_id": "VCID-x8gp-vvxg-13cw", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.8857", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88578", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179", "reference_id": "1012179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "reference_id": "2044455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/532", "reference_id": "532", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/532" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/538", "reference_id": "538", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/538" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0006/", "reference_id": "ntap-20220121-0006", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/7913-1/", "reference_id": "USN-7913-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7913-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583269?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582483?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fms-7y9v-dfc5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nguf-68jf-ryaz" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583270?format=api", "purl": "pkg:deb/debian/expat@2.4.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.4.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582484?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-qmx9-wkj4-67h3" }, { "vulnerability": "VCID-u5pr-wheu-h7c6" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582485?format=api", "purl": "pkg:deb/debian/expat@2.7.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-jqe4-44gw-wbhu" }, { "vulnerability": "VCID-nktd-7gph-kkb1" }, { "vulnerability": "VCID-utz3-ytaf-cbht" }, { "vulnerability": "VCID-v41j-xj8s-m7ar" }, { "vulnerability": "VCID-yw8s-ezc7-6ub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582486?format=api", "purl": "pkg:deb/debian/expat@2.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46143" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8gp-vvxg-13cw" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie" }